CVE-2025-71254

High

Published: 06 May 2026

Published

06 May 2026

Modified

06 May 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.0006 19.7th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.

Security SummaryAI

CVE-2025-71254 is an improper input validation vulnerability in Modem IMS. This flaw affects Unisoc products, as detailed in the vendor's security bulletin. Published on 2026-05-06, it enables a remote denial of service without requiring additional execution privileges and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity due to its network accessibility, low attack complexity, and high impact on availability.

A remote, unauthenticated attacker can exploit this vulnerability over the network with no user interaction needed. Exploitation triggers a denial of service condition, disrupting service availability while leaving confidentiality and integrity unaffected.

Mitigation details are available in the Unisoc product security bulletin at https://www.unisoc.com/en/support/product-security-bulletin/2051836844671422466.

Details

CWE(s): None listed

References

https://www.unisoc.com/en/support/product-security-bulletin/2051836844671422466
security@unisoc.com