PatchSiren cyber security CVE debrief
CVE-2025-71252 Unisoc CVE debrief
CVE-2025-71252 is a high-severity remote denial-of-service issue in Modem IMS caused by improper input validation. According to NVD, the flaw can be triggered over the network with no additional execution privileges and no user interaction, and the impact is loss of availability rather than code execution or data exposure. NVD references a Unisoc vendor advisory for further product guidance.
- Vendor
- Unisoc
- Product
- CVE-2025-71252
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-06
- Original CVE updated
- 2026-05-11
- Advisory published
- 2026-05-06
- Advisory updated
- 2026-05-11
Who should care
Security teams responsible for Android devices or products that include Unisoc Modem IMS components should review this issue promptly, especially fleet operators and OEMs that depend on vendor firmware updates. Because the issue is network-reachable and requires no privileges, exposed devices and unmanaged consumer fleets warrant attention.
Technical summary
NVD describes CVE-2025-71252 as an improper input validation problem in Modem IMS. The assigned CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, which indicates a remotely reachable issue with low attack complexity, no privileges required, no user interaction, and a high availability impact. NVD also lists a vendor advisory from Unisoc as the reference point for mitigation details.
Defensive priority
High. The combination of remote reachability, no authentication requirement, and high availability impact makes this a priority for patch and exposure review in environments using affected components.
Recommended defensive actions
- Check whether your devices or firmware images include the affected Modem IMS component referenced by the vendor advisory.
- Monitor the Unisoc vendor advisory for product-specific remediation guidance and apply vendor-recommended updates as soon as they are available.
- Prioritize devices that are externally reachable or difficult to update, since the issue can be triggered remotely without privileges.
- Validate fleet inventory against the affected Android CPE entries listed by NVD and confirm whether your deployment is impacted.
- After remediation, confirm the updated firmware or system image version across managed devices.
Evidence notes
Source evidence is limited to the official CVE/NVD record and the referenced Unisoc vendor advisory. NVD records the issue as a Modem IMS improper input validation flaw, CVSS 7.5 High, AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, with vulnStatus set to Analyzed. NVD’s reference list includes the Unisoc advisory URL. The corpus does not provide exploit details, patch version numbers, or vendor remediation steps, so this debrief avoids those unsupported specifics.
Official resources
-
CVE-2025-71252 CVE record
CVE.org
-
CVE-2025-71252 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
Publicly disclosed in the official CVE record and NVD on 2026-05-06, with the NVD record last modified on 2026-05-11. The available corpus references a Unisoc vendor advisory but does not include additional disclosure timeline details.