CVE-2025-61613 Overview
CVE-2025-61613 is an improper input validation vulnerability [CWE-20] in the Unisoc 5G New Radio (NR) modem firmware. The flaw allows a remote attacker to trigger a system crash through malformed input processed by the modem stack. Exploitation requires no authentication, no user interaction, and can be performed over the network.
The vulnerability affects multiple Unisoc chipsets including the T8100, T8200, T8300, and T9100, which are integrated into Android devices running versions 13 through 16. Successful exploitation results in a denial-of-service condition affecting cellular connectivity on the targeted device.
Critical Impact
Remote attackers can crash the modem subsystem on affected Android devices without any privileges or user interaction, disrupting cellular communications.
Affected Products
- Google Android versions 13.0, 14.0, 15.0, and 16.0
- Unisoc T8100 and T8200 chipsets
- Unisoc T8300 and T9100 chipsets
Discovery Timeline
- 2026-03-09 - CVE-2025-61613 published to the National Vulnerability Database
- 2026-03-09 - Last updated in NVD database
Technical Details for CVE-2025-61613
Vulnerability Analysis
The vulnerability resides in the NR (5G New Radio) modem firmware shipped with several Unisoc system-on-chip platforms. The modem fails to properly validate input before processing, leading to a crash of the modem subsystem. Because the modem handles cellular protocol messages received over the air, a network-positioned attacker can deliver crafted radio frames to trigger the fault.
The issue is classified as Improper Input Validation [CWE-20]. The modem accepts data that falls outside of expected ranges or formats, then operates on it without adequate sanity checks. This produces an unrecoverable fault that takes the modem offline until the device or baseband is reset.
The impact is limited to availability. The advisory states that no additional execution privileges are gained and confidentiality and integrity are not affected. Exploitation produces a denial-of-service condition against cellular services.
Root Cause
The root cause is missing or incomplete validation of fields in messages handled by the NR modem stack. Inputs that should be rejected as malformed are instead passed into processing routines, where they trigger a fatal error. The Unisoc advisory does not identify the specific protocol layer or field involved.
Attack Vector
An attacker within radio range, or operating a rogue base station, can transmit crafted 5G NR signaling to a target device. Because the attack vector is network-based with low complexity and no authentication required, mass disruption of devices in a cell coverage area is feasible. See the Unisoc Support Announcement for vendor details.
No public proof-of-concept exploit code is available for CVE-2025-61613 at the time of publication.
Detection Methods for CVE-2025-61613
Indicators of Compromise
- Unexplained modem resets, baseband crashes, or loss of cellular connectivity on affected Unisoc-based Android devices
- Repeated RIL (Radio Interface Layer) errors or modem restart events in device logs
- Clusters of devices in the same geographic area losing cellular service simultaneously, which may indicate a rogue base station
Detection Strategies
- Monitor mobile device management (MDM) telemetry for cellular connectivity drops correlated across devices using Unisoc T8100, T8200, T8300, or T9100 chipsets
- Inspect Android logcat and bug reports for repeated modem subsystem restart entries, which can indicate exploitation attempts
- Correlate cellular outage events with physical location data to identify potential rogue base station activity
Monitoring Recommendations
- Track Android security bulletin updates and Unisoc advisories for patch availability on affected firmware
- Build dashboards that aggregate device crash reports filtered by chipset model and Android version
- Establish alerts for anomalous concentrations of modem failures within fleet-managed device groups
How to Mitigate CVE-2025-61613
Immediate Actions Required
- Inventory devices that use Unisoc T8100, T8200, T8300, or T9100 chipsets and run Android 13 through 16
- Apply vendor patches as soon as they are delivered through Android security updates or carrier firmware updates
- Restrict use of affected devices in high-risk environments where rogue base station attacks are plausible until patches are applied
Patch Information
Unisoc has published an advisory acknowledging the vulnerability. Refer to the Unisoc Support Announcement for the official patch status. Device manufacturers and carriers must integrate the corrected modem firmware into their Android security update streams before end users receive the fix.
Workarounds
- Disable 5G NR and force devices to use LTE-only mode where supported, reducing exposure to the vulnerable NR protocol path
- Limit device operation to trusted cellular networks and avoid roaming in untrusted regions until firmware is patched
- Use enterprise mobility management policies to enforce updated firmware baselines on managed Android devices
# Example: query Android device for modem and build information
adb shell getprop | grep -Ei "ro.build.version|ro.boot.hardware|gsm.version.baseband"
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
