CVE-2025-61614 Overview
CVE-2025-61614 is an improper input validation vulnerability affecting the NR modem component in Unisoc chipsets used across multiple Android device versions. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service condition without requiring any additional execution privileges or user interaction.
Critical Impact
Remote attackers can crash affected Android devices running Unisoc NR modem chipsets without authentication, causing complete service disruption.
Affected Products
- Google Android versions 13.0, 14.0, 15.0, and 16.0
- Unisoc T7300 chipset
- Unisoc T8100 chipset
- Unisoc T8200 chipset
- Unisoc T8300 chipset
- Unisoc T9100 chipset
Discovery Timeline
- 2026-03-09 - CVE-2025-61614 published to NVD
- 2026-03-09 - Last updated in NVD database
Technical Details for CVE-2025-61614
Vulnerability Analysis
This vulnerability stems from improper input validation within the NR (New Radio) modem component used in Unisoc mobile chipsets. The NR modem handles 5G network communications, and the lack of proper input sanitization allows malformed data to trigger a system crash. The flaw can be exploited remotely over the network without requiring any user interaction or special privileges, making it particularly dangerous for mobile devices in production environments.
The vulnerability is classified under CWE-20 (Improper Input Validation), which occurs when software does not properly validate input before processing it. In this case, the modem firmware fails to adequately check incoming network data, allowing specially crafted packets to cause memory corruption or trigger unhandled exception conditions that crash the device.
Root Cause
The root cause of CVE-2025-61614 lies in insufficient bounds checking and input validation routines within the Unisoc NR modem firmware. When processing network signaling messages or data packets, the modem component fails to properly validate the structure, length, or content of incoming data. This oversight allows an attacker to send malformed packets that exceed expected boundaries or contain unexpected values, ultimately causing the modem subsystem to crash and taking the entire device offline.
Attack Vector
The attack vector for this vulnerability is network-based, requiring no authentication or user interaction. An attacker positioned on the network path—or capable of sending crafted radio packets to the target device—can exploit this vulnerability by transmitting specially crafted NR signaling messages or data packets to the affected modem. When the modem processes these malicious inputs without proper validation, it triggers a crash condition that results in a complete system denial of service.
The attack does not require the attacker to have any privileges on the target device, and the victim does not need to perform any action for the exploit to succeed. This makes the vulnerability particularly severe for devices in shared or public network environments where attackers may have network access.
Detection Methods for CVE-2025-61614
Indicators of Compromise
- Unexpected device reboots or crashes, particularly when connected to cellular networks
- Modem subsystem crash logs in Android system logs (/data/logs/ or via logcat)
- Repeated system recovery events without user-initiated restarts
- Network connectivity issues immediately preceding device crashes
Detection Strategies
- Monitor device stability metrics for abnormal crash patterns in modem-related processes
- Implement network traffic analysis to detect malformed NR signaling messages targeting vulnerable devices
- Deploy mobile device management (MDM) solutions to track and alert on unexpected device reboots
- Review kernel panic logs and modem crash dumps for indicators of input validation failures
Monitoring Recommendations
- Enable enhanced logging for modem subsystem events on affected Android devices
- Configure centralized logging infrastructure to aggregate crash reports from mobile fleet
- Establish baseline device stability metrics to identify anomalous crash patterns
- Monitor for security advisories from Unisoc and Google regarding firmware updates
How to Mitigate CVE-2025-61614
Immediate Actions Required
- Apply the latest security patches from Unisoc as detailed in the UniSoc Security Announcement
- Update affected Android devices to the latest available firmware version from device manufacturers
- Consider temporarily disabling 5G connectivity on affected devices in high-risk environments until patches are applied
- Prioritize patching for devices handling sensitive data or in critical operational roles
Patch Information
Unisoc has released a security update addressing this vulnerability. Device manufacturers using affected Unisoc chipsets should integrate the updated modem firmware into their device images. End users should apply device updates as they become available through their device manufacturer or carrier. Refer to the UniSoc Security Announcement for detailed patch information and affected firmware versions.
Workarounds
- If patches are not immediately available, consider switching devices to LTE-only mode to reduce exposure through the NR modem
- Implement network-level filtering where possible to detect and block malformed signaling traffic
- Deploy affected devices only in trusted network environments until firmware updates are applied
- Maintain an inventory of devices with affected Unisoc chipsets to ensure comprehensive patch deployment
# Android ADB command to check current modem firmware version
adb shell getprop gsm.version.baseband
# Check for available system updates
adb shell pm list packages | grep -i update
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
