CVE-2025-71253 Overview
CVE-2025-71253 is an improper input validation vulnerability in the Modem IMS (IP Multimedia Subsystem) component. The flaw allows a remote attacker to trigger a denial of service condition without requiring additional execution privileges or user interaction. The issue was disclosed through the Unisoc Product Security Bulletin and affects modem firmware that processes IMS signaling traffic.
Critical Impact
A remote, unauthenticated attacker can disrupt cellular voice and data services on affected modem chipsets by sending crafted IMS protocol input.
Affected Products
- Unisoc Modem IMS component (see vendor advisory for affected chipset models and firmware versions)
Discovery Timeline
- 2026-05-06 - CVE-2025-71253 published to NVD
- 2026-05-07 - Last updated in NVD database
Technical Details for CVE-2025-71253
Vulnerability Analysis
The vulnerability resides in the IMS handling logic of the affected modem firmware. IMS is the signaling framework cellular networks use to deliver Voice over LTE (VoLTE), Voice over New Radio (VoNR), and Rich Communication Services (RCS). The component fails to properly validate input received over the air interface before processing it.
When the modem parses a malformed IMS message, the missing validation leads to an unrecoverable error state in the modem stack. This produces a denial of service that can interrupt cellular connectivity on the device. Confidentiality and integrity are not impacted, but availability is fully degraded according to the published CVSS metrics.
The attack does not require credentials, user interaction, or local access. An adversary positioned on the network path or operating a rogue base station can deliver the crafted input to vulnerable modems within radio range.
Root Cause
The root cause is improper input validation in the IMS message handler. Fields within incoming IMS signaling are not sufficiently checked for length, type, or structural correctness before being processed by the modem firmware, leading to a fatal condition.
Attack Vector
The attack vector is network based. An attacker delivers a malformed IMS signaling message to the targeted device. Successful delivery causes the modem to enter an error state, dropping the cellular session and denying service to the user.
Public exploit code is not available, and the issue is not listed in the CISA Known Exploited Vulnerabilities catalog. See the Unisoc Product Security Bulletin for vendor technical details.
Detection Methods for CVE-2025-71253
Indicators of Compromise
- Unexpected loss of cellular signal or repeated modem resets on affected devices within a localized area
- Carrier-side logs showing IMS registration failures or malformed SIP/IMS messages from specific endpoints
- Device crash logs referencing the IMS or modem subsystem following inbound signaling
Detection Strategies
- Monitor mobile device management (MDM) telemetry for abnormal rates of cellular connectivity loss across a fleet
- Inspect carrier IMS core logs for malformed signaling patterns and correlate with affected device identifiers
- Track firmware build versions across managed devices to identify endpoints still running vulnerable modem images
Monitoring Recommendations
- Establish a baseline for normal IMS registration and re-registration rates per device, alerting on deviations
- Forward modem and radio interface layer logs from managed mobile endpoints to a centralized logging platform for correlation
- Track vendor security bulletins from Unisoc and downstream OEMs to detect newly disclosed firmware-level issues
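The per-device baselining and localized-area correlation described above can be sketched as follows. This is an added example, not vendor or carrier code; the record layout (device ID, serving cell, hour, IMS re-registration count), the device and cell names, and the thresholds are assumptions, and a re-registration spike is used only as a proxy for the modem resets listed under Indicators of Compromise.

```python
from collections import defaultdict
from statistics import median

# Constructed sample telemetry (not real data): per-device serving cell and
# hourly IMS re-registration counts for hours 0..4, then the hour under review.
HISTORY = {
    "dev-a": ("cell-17", [1, 2, 1, 1, 2]),
    "dev-b": ("cell-17", [0, 1, 1, 0, 1]),
    "dev-c": ("cell-42", [2, 1, 2, 2, 1]),
    "dev-d": ("cell-17", [1]),  # newly enrolled, too little history
}
CURRENT_HOUR = 5
CURRENT = {"dev-a": 14, "dev-b": 11, "dev-c": 2, "dev-d": 9}
RECORDS = [(d, c, h, n) for d, (c, hist) in HISTORY.items() for h, n in enumerate(hist)]
RECORDS += [(d, HISTORY[d][0], CURRENT_HOUR, n) for d, n in CURRENT.items()]

def upper_bound(history, k=5.0, floor=3.0):
    """Robust limit: median + k * MAD, with a floor so flat baselines still tolerate noise."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    return med + max(k * mad, floor)

def find_anomalies(records, current_hour, min_history=3):
    """Return {device: (cell, count, limit)} for devices above their own baseline."""
    history, current = defaultdict(list), {}
    for dev, cell, hour, count in records:
        if hour == current_hour:
            current[dev] = (cell, count)
        elif hour < current_hour:
            history[dev].append(count)
    flagged = {}
    for dev, (cell, count) in current.items():
        if len(history[dev]) < min_history:
            continue  # cannot baseline this device yet; do not alert on it
        limit = upper_bound(history[dev])
        if count > limit:
            flagged[dev] = (cell, count, limit)
    return flagged

def localized_clusters(flagged, min_devices=2):
    """Group flagged devices by serving cell; several in one cell points to a local cause."""
    by_cell = defaultdict(list)
    for dev, (cell, _count, _limit) in flagged.items():
        by_cell[cell].append(dev)
    return {c: sorted(devs) for c, devs in by_cell.items() if len(devs) >= min_devices}

if __name__ == "__main__":
    flagged = find_anomalies(RECORDS, CURRENT_HOUR)
    print(flagged, localized_clusters(flagged))
```

A cluster in one cell is a prompt to pull modem crash logs and carrier IMS logs for those devices; it does not by itself confirm this CVE.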
How to Mitigate CVE-2025-71253
Immediate Actions Required
- Identify devices in your environment that use affected Unisoc modem chipsets and inventory their current firmware versions
- Coordinate with device OEMs and mobile carriers to confirm availability of patched firmware images
- Prioritize patch deployment for high-value mobile endpoints and devices operating in untrusted radio environments
Patch Information
Unisoc has published remediation guidance through its product security bulletin. Refer to the Unisoc Product Security Bulletin for the list of affected chipsets, fixed firmware versions, and OEM coordination details. Firmware updates must typically be delivered by the device manufacturer through an over-the-air (OTA) update.
Workarounds
- Where feasible, disable VoLTE or IMS services on affected devices until patched firmware is deployed
- Restrict use of affected devices in environments where rogue base station attacks are plausible
- Apply MDM policies that enforce timely OTA update installation across managed mobile fleets


