Join the Cyber Forum: Threat Intel on May 12, 2026 to learn how AI is reshaping threat defense.Join the Virtual Cyber Forum: Threat IntelRegister Now
Experiencing a Breach?Blog
Get StartedContact Us
SentinelOne
  • Platform
    Platform Overview
    • Singularity Platform
      Welcome to Integrated Enterprise Security
    • AI for Security
      Leading the Way in AI-Powered Security Solutions
    • Securing AI
      Accelerate AI Adoption with Secure AI Tools, Apps, and Agents.
    • How It Works
      The Singularity XDR Difference
    • Singularity Marketplace
      One-Click Integrations to Unlock the Power of XDR
    • Pricing & Packaging
      Comparisons and Guidance at a Glance
    Data & AI
    • Purple AI
      Accelerate SecOps with Generative AI
    • Singularity Hyperautomation
      Easily Automate Security Processes
    • AI-SIEM
      The AI SIEM for the Autonomous SOC
    • AI Data Pipelines
      Security Data Pipeline for AI SIEM and Data Optimization
    • Singularity Data Lake
      AI-Powered, Unified Data Lake
    • Singularity Data Lake for Log Analytics
      Seamlessly Ingest Data from On-Prem, Cloud or Hybrid Environments
    Endpoint Security
    • Singularity Endpoint
      Autonomous Prevention, Detection, and Response
    • Singularity XDR
      Native & Open Protection, Detection, and Response
    • Singularity RemoteOps Forensics
      Orchestrate Forensics at Scale
    • Singularity Threat Intelligence
      Comprehensive Adversary Intelligence
    • Singularity Vulnerability Management
      Application & OS Vulnerability Management
    • Singularity Identity
      Identity Threat Detection and Response
    Cloud Security
    • Singularity Cloud Security
      Block Attacks with an AI-Powered CNAPP
    • Singularity Cloud Native Security
      Secure Cloud and Development Resources
    • Singularity Cloud Workload Security
      Real-Time Cloud Workload Protection Platform
    • Singularity Cloud Data Security
      AI-Powered Threat Detection for Cloud Storage
    • Singularity Cloud Security Posture Management
      Detect and Remediate Cloud Misconfigurations
    Securing AI
    • Prompt Security
      Secure AI Tools Across Your Enterprise
  • Why SentinelOne?
    Why SentinelOne?
    • Why SentinelOne?
      Cybersecurity Built for What’s Next
    • Our Customers
      Trusted by the World’s Leading Enterprises
    • Industry Recognition
      Tested and Proven by the Experts
    • About Us
      The Industry Leader in Autonomous Cybersecurity
    Compare SentinelOne
    • Arctic Wolf
    • Broadcom
    • CrowdStrike
    • Cybereason
    • Microsoft
    • Palo Alto Networks
    • Sophos
    • Splunk
    • Trellix
    • Trend Micro
    • Wiz
    Verticals
    • Energy
    • Federal Government
    • Finance
    • Healthcare
    • Higher Education
    • K-12 Education
    • Manufacturing
    • Retail
    • State and Local Government
  • Services
    Managed Services
    • Managed Services Overview
      Wayfinder Threat Detection & Response
    • Threat Hunting
      World-Class Expertise and Threat Intelligence
    • Managed Detection & Response
      24/7/365 Expert MDR Across Your Entire Environment
    • Incident Readiness & Response
      DFIR, Breach Readiness, & Compromise Assessments
    Support, Deployment, & Health
    • Technical Account Management
      Customer Success with Personalized Service
    • SentinelOne GO
      Guided Onboarding & Deployment Advisory
    • SentinelOne University
      Live and On-Demand Training
    • Services Overview
      Comprehensive Solutions for Seamless Security Operations
    • SentinelOne Community
      Community Login
  • Partners
    Our Network
    • MSSP Partners
      Succeed Faster with SentinelOne
    • Singularity Marketplace
      Extend the Power of S1 Technology
    • Cyber Risk Partners
      Enlist Pro Response and Advisory Teams
    • Technology Alliances
      Integrated, Enterprise-Scale Solutions
    • SentinelOne for AWS
      Hosted in AWS Regions Around the World
    • Channel Partners
      Deliver the Right Solutions, Together
    • SentinelOne for Google Cloud
      Unified, Autonomous Security Giving Defenders the Advantage at Global Scale
    • Partner Locator
      Your Go-to Source for Our Top Partners in Your Region
    Partner Portal→
  • Resources
    Resource Center
    • Case Studies
    • Data Sheets
    • eBooks
    • Reports
    • Videos
    • Webinars
    • Whitepapers
    • Events
    View All Resources→
    Blog
    • Feature Spotlight
    • For CISO/CIO
    • From the Front Lines
    • Identity
    • Cloud
    • macOS
    • SentinelOne Blog
    Blog→
    Tech Resources
    • SentinelLABS
    • Ransomware Anthology
    • Cybersecurity 101
  • About
    About SentinelOne
    • About SentinelOne
      The Industry Leader in Cybersecurity
    • Investor Relations
      Financial Information & Events
    • SentinelLABS
      Threat Research for the Modern Threat Hunter
    • Careers
      The Latest Job Opportunities
    • Press & News
      Company Announcements
    • Cybersecurity Blog
      The Latest Cybersecurity Threats, News, & More
    • FAQ
      Get Answers to Our Most Frequently Asked Questions
    • DataSet
      The Live Data Platform
    • S Foundation
      Securing a Safer Future for All
    • S Ventures
      Investing in the Next Generation of Security, Data and AI
  • Pricing
Get StartedContact Us
CVE Vulnerability Database
Vulnerability Database/CVE-2025-61608

CVE-2025-61608: Google Android DOS Vulnerability

CVE-2025-61608 is a denial of service vulnerability in Google Android's nr modem component that allows remote system crashes. This post covers the technical details, affected versions, security impact, and mitigation steps.

Updated: January 22, 2026

CVE-2025-61608 Overview

CVE-2025-61608 is a high-severity vulnerability affecting the NR (New Radio) modem component in Google Android devices running on Unisoc chipsets. The vulnerability stems from improper input validation within the modem subsystem, which could allow a remote attacker to trigger a system crash, resulting in a denial of service condition. Notably, exploitation requires no additional execution privileges, making this vulnerability particularly concerning for mobile device security.

Critical Impact

Remote attackers can cause system-wide denial of service on affected Android devices with Unisoc chipsets without requiring any user interaction or special privileges.

Affected Products

  • Google Android 13.0, 14.0, 15.0, and 16.0
  • Unisoc T8100
  • Unisoc T8200
  • Unisoc T8300
  • Unisoc T9100

Discovery Timeline

  • 2025-12-01 - CVE-2025-61608 published to NVD
  • 2025-12-02 - Last updated in NVD database

Technical Details for CVE-2025-61608

Vulnerability Analysis

This vulnerability carries a CVSS v3.1 score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The scoring reflects several critical characteristics:

  • Attack Vector (AV:N): Network-based attack surface, exploitable remotely
  • Attack Complexity (AC:L): Low complexity, straightforward to exploit
  • Privileges Required (PR:N): No authentication or privileges needed
  • User Interaction (UI:N): No user interaction required
  • Confidentiality (C:N): No confidentiality impact
  • Integrity (I:N): No integrity impact
  • Availability (A:H): High availability impact - complete denial of service

The EPSS (Exploit Prediction Scoring System) indicates a probability of 0.153% with a percentile of 36.6, suggesting moderate likelihood of exploitation in the wild.

Root Cause

The root cause of CVE-2025-61608 lies in improper input validation within the NR modem firmware stack. The modem component fails to adequately validate incoming network data, allowing malformed or crafted input to bypass security checks. When the modem processes this invalid input, it triggers an unhandled exception or memory access violation that causes the entire system to crash.

The vulnerability affects the baseband processor handling 5G NR (New Radio) communications on Unisoc T-series chipsets. Since the modem operates at a low level in the device architecture, a crash in this component can propagate to affect the entire Android operating system.

Attack Vector

The attack can be executed remotely over a network connection. An attacker could exploit this vulnerability by sending specially crafted network packets or signaling messages to a target device's modem. The attack characteristics include:

  • Remote exploitation without physical access to the device
  • No authentication or user credentials required
  • No user interaction needed (zero-click attack potential)
  • Targets the baseband modem layer which handles cellular communications

The vulnerability could potentially be exploited through malicious base stations, man-in-the-middle attacks on cellular connections, or through crafted network traffic if the attacker has network-level access.

Detection Methods for CVE-2025-61608

Indicators of Compromise

  • Unexpected device reboots or crashes, particularly during cellular connectivity
  • Modem subsystem crash logs indicating invalid input processing
  • Repeated system crashes when the device is connected to specific cell towers or networks
  • Anomalous baseband processor behavior visible in kernel logs

Detection Strategies

Organizations should implement the following detection measures:

  1. Device Monitoring: Deploy mobile device management (MDM) solutions capable of monitoring device stability and crash reports
  2. Log Analysis: Collect and analyze Android system logs for modem-related crash signatures
  3. Network Traffic Analysis: Monitor for anomalous cellular signaling patterns that may indicate exploitation attempts
  4. Firmware Version Tracking: Maintain inventory of device firmware versions to identify vulnerable devices

Monitoring Recommendations

Security teams should establish baseline metrics for device stability and alert on deviations. SentinelOne Singularity Mobile provides comprehensive visibility into mobile device behavior, enabling detection of denial-of-service conditions and anomalous system crashes that may indicate exploitation of vulnerabilities like CVE-2025-61608. Continuous monitoring of device health metrics and crash telemetry can help identify potential attack patterns before they impact business operations.

How to Mitigate CVE-2025-61608

Immediate Actions Required

  • Review the Unisoc security advisory at the vendor URL for specific patch information
  • Inventory all Android devices using Unisoc T8100, T8200, T8300, or T9100 chipsets
  • Prioritize patching devices running Android 13.0 through 16.0 on affected chipsets
  • Consider restricting devices to trusted network connections until patches are applied
  • Enable automatic security updates on affected devices

Patch Information

Unisoc has released a security advisory addressing this vulnerability. Organizations should consult the official vendor advisory for detailed patch information:

Vendor Advisory: https://www.unisoc.com/en/support/announcement/1995394837938163714

Device manufacturers using Unisoc chipsets should integrate the security patches into their firmware updates. End users should apply the latest security updates provided by their device manufacturers as soon as they become available.

Workarounds

While no official workarounds have been published, organizations can reduce risk through the following measures:

  • Limit exposure by restricting affected devices to trusted cellular networks where possible
  • Implement network-level monitoring to detect potential exploitation attempts
  • Consider using alternative devices for sensitive operations until patches are applied
  • Deploy SentinelOne Singularity Mobile to gain visibility into device behavior and detect anomalous activity

Organizations should prioritize applying official patches as workarounds cannot fully address the underlying vulnerability in the modem firmware.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

  • Vulnerability Details
  • TypeDOS
  • Vendor/TechGoogle Android
  • SeverityHIGH
  • CVSS Score7.5
  • EPSS Probability0.15%
  • Known ExploitedNo
  • CVSS Vector
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Impact Assessment
  • ConfidentialityLow
  • IntegrityNone
  • AvailabilityHigh
  • CWE References
  • NVD-CWE-noinfo
  • Vendor Resources
  • Vendor Advisory
  • Related CVEs
  • CVE-2026-0109: Google Android DoS Vulnerability
  • CVE-2025-61616: Google Android DOS Vulnerability
  • CVE-2025-61615: Google Android DOS Vulnerability
  • CVE-2025-61614: Google Android DOS Vulnerability
Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne
  • Get Started
  • Get a Demo
  • Product Tour
  • Why SentinelOne
  • Pricing & Packaging
  • FAQ
  • Contact
  • Contact Us
  • Customer Support
  • SentinelOne Status
  • Language
  • Platform
  • Singularity Platform
  • Singularity Endpoint
  • Singularity Cloud
  • Singularity AI-SIEM
  • Singularity Identity
  • Singularity Marketplace
  • Purple AI
  • Services
  • Wayfinder TDR
  • SentinelOne GO
  • Technical Account Management
  • Support Services
  • Verticals
  • Energy
  • Federal Government
  • Finance
  • Healthcare
  • Higher Education
  • K-12 Education
  • Manufacturing
  • Retail
  • State and Local Government
  • Cybersecurity for SMB
  • Resources
  • Blog
  • Labs
  • Case Studies
  • Videos
  • Product Tours
  • Events
  • Cybersecurity 101
  • eBooks
  • Webinars
  • Whitepapers
  • Press
  • News
  • Ransomware Anthology
  • Company
  • About Us
  • Our Customers
  • Careers
  • Partners
  • Legal & Compliance
  • Security & Compliance
  • Investor Relations
  • S Foundation
  • S Ventures

©2026 SentinelOne, All Rights Reserved.

Privacy Notice Terms of Use

English