CVE-2025-71251 Unisoc CVE debrief

CVE-2025-71251 is a high-severity remote denial-of-service issue. The NVD description says an IMS component can crash because of improper input validation, and that an attacker does not need additional execution privileges to trigger the condition. NVD rates the issue 7.5 (High) with network access, low attack complexity, no privileges required, no user interaction, and availability impact only.

Vendor: Unisoc
Product: CVE-2025-71251
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-06
Original CVE updated: 2026-05-11
Advisory published: 2026-05-06
Advisory updated: 2026-05-11

Who should care

Security teams responsible for Android 13-16 device fleets, OEMs, carriers, and operations teams that consume Unisoc security advisories should review this CVE. It is especially relevant anywhere a remote crash could disrupt device availability or service continuity.

Technical summary

NVD records CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The published weakness classification is NVD-CWE-noinfo, so the precise CWE is not specified in the source record. NVD’s CPE data marks Google Android 13.0, 14.0, 15.0, and 16.0 as vulnerable, and the record includes a Unisoc vendor advisory reference. The impact described in the source is a possible system crash leading to remote denial of service.

Defensive priority

High. The issue is remotely reachable, requires no privileges or user interaction, and affects availability. Prioritize validation of exposure and apply vendor guidance as soon as it is available for your platform.

Recommended defensive actions

  • Check whether any Android 13-16 devices or images in your environment align with the affected CPE scope in the NVD record.
  • Review the linked Unisoc product security bulletin for mitigation or update guidance.
  • Apply vendor-provided firmware, OS, or security updates as soon as they are released for affected device models.
  • Monitor device stability and crash telemetry for signs of repeated IMS-related failures.
  • If you operate an OEM or fleet, coordinate with your device supplier to confirm whether their builds include the remediation.

Evidence notes

This debrief is based only on the official NVD record for CVE-2025-71251 and the linked Unisoc vendor advisory. Source data shows vulnStatus as Analyzed, publishedAt 2026-05-06T02:16:03.400Z, modifiedAt 2026-05-11T15:13:47.117Z, and no KEV entry. NVD lists affected platforms as Google Android 13.0 through 16.0 and records NVD-CWE-noinfo.

Official resources

Publicly disclosed in the official NVD record on 2026-05-06 and updated on 2026-05-11. This debrief uses the supplied CVE publish and modified timestamps as the timing basis.