CVE-2025-71252 Overview
CVE-2025-71252 is an improper input validation vulnerability in the Unisoc Modem IMS (IP Multimedia Subsystem) component. The flaw allows a remote attacker to trigger a denial-of-service condition without requiring user interaction or authentication. According to the Unisoc Product Security Bulletin, the issue resides in modem firmware that processes IMS signaling. Successful exploitation does not grant additional execution privileges, but it disrupts cellular service availability on affected devices. The vulnerability is reachable over the network, increasing exposure for mobile devices using vulnerable Unisoc baseband chipsets.
Critical Impact
A remote, unauthenticated attacker can cause a denial of service on Unisoc Modem IMS, disrupting cellular communications on affected devices.
Affected Products
- Unisoc Modem IMS component (specific chipset versions listed in vendor bulletin)
- Mobile devices using affected Unisoc baseband firmware
- Refer to the Unisoc Product Security Bulletin for the full list
Discovery Timeline
- 2026-05-06 - CVE-2025-71252 published to NVD
- 2026-05-07 - Last updated in NVD database
Technical Details for CVE-2025-71252
Vulnerability Analysis
The vulnerability is an improper input validation flaw within the Modem IMS subsystem. IMS handles voice over LTE (VoLTE), voice over Wi-Fi, and related multimedia signaling on cellular devices. The modem firmware fails to correctly validate fields in IMS protocol messages before processing them. When a malformed message is received, the modem reaches an unrecoverable error state and terminates IMS service. Devices lose voice and signaling functionality until the modem recovers or the device is restarted. The attack requires no privileges, no user interaction, and is delivered over the network. Confidentiality and integrity are not affected, but availability impact is high.
Root Cause
The root cause is missing or insufficient validation of attacker-controlled fields in IMS signaling parsed by the modem. Without bounds or sanity checks, crafted input drives the firmware into an unexpected state, producing the denial-of-service condition.
Attack Vector
An attacker delivers a malformed IMS message to a target device over the cellular or interconnected IP network. Because IMS signaling can be reached without authentication on the radio interface, the attacker only needs network reachability to the targeted modem to trigger the crash. No user interaction is required.
Verified proof-of-concept code is not publicly available for this vulnerability. Refer to the vendor advisory for technical details.
Detection Methods for CVE-2025-71252
Indicators of Compromise
- Sudden, repeated loss of VoLTE or IMS registration on affected devices
- Modem subsystem crash logs or unexpected radio interface resets
- Anomalous IMS SIP signaling traffic containing malformed headers or oversized fields
Detection Strategies
- Monitor mobile device telemetry for repeated modem restarts or IMS deregistration events on Unisoc-based hardware.
- Inspect carrier-side IMS core logs for malformed SIP or SDP payloads correlated with subscriber service drops.
- Correlate radio access network alerts with bulk IMS registration failures from devices in a single cell.
Monitoring Recommendations
- Enable carrier-grade IMS signaling anomaly detection focused on protocol conformance and field length validation.
- Track baseband crash dumps and modem reset counters across the mobile fleet for trend deviations.
- Subscribe to the Unisoc Product Security Bulletin feed for related advisories and firmware updates.
How to Mitigate CVE-2025-71252
Immediate Actions Required
- Identify devices using affected Unisoc baseband firmware through mobile device management (MDM) inventory.
- Apply vendor firmware updates as soon as the OEM publishes builds incorporating the Unisoc patch.
- Coordinate with mobile carriers to deploy IMS-side input validation and rate limiting for malformed signaling.
Patch Information
Unisoc has published remediation guidance in the Unisoc Product Security Bulletin. Patches are delivered through device OEM firmware updates that integrate the corrected modem image. End users should install all pending system and carrier updates on affected devices.
Workarounds
- Disable VoLTE and Wi-Fi calling on affected devices where operationally acceptable until firmware updates are applied.
- Restrict IMS reachability at the carrier core to authenticated, conformant signaling sources where feasible.
- Restart affected devices to recover modem functionality after a triggered denial-of-service event.
# Example: check Android baseband version on a device for inventory tracking
adb shell getprop gsm.version.baseband
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

