PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-71255 Unisoc CVE debrief

CVE-2025-71255 is a remotely reachable denial-of-service issue tied to improper input validation in Modem IMS. NVD rates it HIGH with a 7.5 CVSS score, and the published details indicate no additional execution privileges are needed. The available source corpus points to affected Android 13 through Android 16 environments and cites a Unisoc vendor advisory.

Vendor
Unisoc
Product
CVE-2025-71255
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-06
Original CVE updated
2026-05-11
Advisory published
2026-05-06
Advisory updated
2026-05-11

Who should care

Android OEMs, device integrators, fleet operators, and security teams responsible for devices or firmware that include the affected Modem IMS component should review this advisory promptly.

Technical summary

According to NVD, CVE-2025-71255 is caused by improper input validation in Modem IMS and can lead to remote denial of service. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, which indicates a network-reachable issue with no privileges or user interaction required and availability impact only. NVD lists vulnerable Android CPEs for versions 13.0, 14.0, 15.0, and 16.0. The weakness classification provided by NVD is generic (NVD-CWE-noinfo), so the public corpus does not supply a more specific CWE.

Defensive priority

High. This is a remotely triggerable availability issue with no privileges required, so exposed or widely deployed Android fleets should prioritize vendor guidance and patch validation.

Recommended defensive actions

  • Review the Unisoc vendor advisory and any downstream OEM security bulletin for affected builds and remediation guidance.
  • Inventory Android 13 through Android 16 devices and firmware to identify systems that may include the affected Modem IMS component.
  • Apply vendor-provided updates or mitigations as soon as they are available from the device manufacturer or platform integrator.
  • Prioritize internet-facing, carrier-managed, and enterprise-managed mobile fleets for validation and rollout.
  • Monitor for service instability or repeated modem-related crashes that could indicate exposure before remediation.
  • Use the NVD and CVE record as confirmation sources, but rely on the OEM or device vendor for actual patch availability and rollout timing.

Evidence notes

All facts in this debrief are drawn from the supplied official corpus: NVD lists CVE-2025-71255 as a High-severity issue published on 2026-05-06 and last modified on 2026-05-11, with the description 'possible improper input validation' in Modem IMS leading to remote denial of service without additional execution privileges. NVD references a Unisoc vendor advisory and lists vulnerable Android 13.0 through 16.0 CPE entries. The supplied corpus does not include exploit details, patch identifiers, or full advisory text.

Official resources

Publicly disclosed through official CVE and NVD records, with NVD referencing a Unisoc vendor advisory. The supplied corpus does not include exploit code, proof-of-concept material, or detailed remediation text.