CVE-2025-71255

High

Published: 06 May 2026

Published

06 May 2026

Modified

06 May 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.0006 19.7th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.

Security SummaryAI

CVE-2025-71255 is an improper input validation vulnerability in the Modem IMS component. Published on 2026-05-06, it has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), rated as High severity, with impacts limited to high availability disruption and no confidentiality or integrity effects.

A remote attacker requires no privileges, authentication, or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation leads to denial of service, potentially disrupting modem functionality without code execution or privilege escalation.

Unisoc has published a product security bulletin detailing the issue at https://www.unisoc.com/en/support/product-security-bulletin/2051836844671422466, which security practitioners should consult for mitigation guidance and available patches.

Details

CWE(s): None listed

References

https://www.unisoc.com/en/support/product-security-bulletin/2051836844671422466
security@unisoc.com