PatchSiren cyber security CVE debrief
CVE-2025-71253 Unisoc CVE debrief
CVE-2025-71253 is a High-severity denial-of-service issue reported in Unisoc Modem IMS. According to the CVE description, improper input validation could let a remote attacker disrupt service without needing execution privileges. NVD rates the issue 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), which points to a network-reachable availability impact rather than data theft or code execution. NVD also links to a Unisoc vendor advisory, and the affected platform entries include Android 13 through Android 16.
- Vendor
- Unisoc
- Product
- CVE-2025-71253
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-06
- Original CVE updated
- 2026-05-11
- Advisory published
- 2026-05-06
- Advisory updated
- 2026-05-11
Who should care
Security teams and device operators responsible for Android systems that include Unisoc modem/IMS components, especially where the device firmware tracks the Android 13, 14, 15, or 16 CPE entries listed by NVD. Managed fleets, mobile carriers, OEMs, and incident responders should prioritize validation of vendor bulletin guidance and firmware status.
Technical summary
The available evidence describes an improper input validation flaw in Modem IMS. The stated impact is remote denial of service with no additional execution privileges needed. NVD’s CVSS vector indicates a network attack path with low complexity, no privileges, no user interaction, and high availability impact only. NVD’s weakness metadata is generic (NVD-CWE-noinfo), so the specific validation failure mode is not identified in the supplied corpus.
Defensive priority
High. The CVSS score is 7.5 and the issue is remotely reachable, unauthenticated, and availability-impacting. For mobile and carrier-managed environments, service disruption on modem/IMS paths can be operationally significant even without confidentiality or integrity impact.
Recommended defensive actions
- Review the Unisoc vendor advisory referenced by NVD and confirm whether your firmware build includes the affected Modem IMS component.
- Inventory Android 13/14/15/16 devices in scope and map them to the vendor's affected software or firmware releases.
- Apply vendor firmware updates or carrier/OEM remediation guidance as soon as available.
- Monitor for unexpected modem/IMS instability, crash loops, or repeated service interruptions on affected devices.
- If patching is delayed, isolate or segment high-value devices where feasible and increase operational monitoring for availability degradation.
Evidence notes
All substantive claims in this debrief are grounded in the supplied NVD record and its linked Unisoc vendor advisory reference. The CVE description states improper input validation in Modem IMS leading to remote denial of service with no additional execution privileges. NVD classifies the issue as CVSS 7.5 HIGH, vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, and records affected Android 13-16 CPE entries plus a vendor advisory reference. No exploit details, proof-of-concept, or unverified product-specific remediation steps are included.
Official resources
-
CVE-2025-71253 CVE record
CVE.org
-
CVE-2025-71253 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
Published in NVD/CVE on 2026-05-06 and modified on 2026-05-11. The supplied corpus links to a Unisoc vendor advisory, but no KEV listing is present in the provided data.