Cyber Resilience

CVE-2025-31715

Critical

Published: 18 August 2025

Published
18 August 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0091 76.4th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-31715 is a critical-severity an unspecified weakness vulnerability in Unisoc (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 23.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-31715 is a command injection vulnerability in the VoWiFi service stemming from improper input validation. This flaw affects the VoWiFi service component, as disclosed by Unisoc, a chipset vendor whose products are commonly integrated into mobile devices supporting Voice over WiFi functionality.

The vulnerability enables remote exploitation over the network (AV:N) with low attack complexity (AC:L), requiring no privileges (PR:N) or user interaction (UI:N). A successful attack leads to escalation of privilege without additional execution privileges needed, resulting in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H), as reflected in its CVSS v3.1 base score of 9.8.

Unisoc has published a security announcement regarding CVE-2025-31715 at https://www.unisoc.com/en_us/secy/announcementDetail/1944933773300793346, which security practitioners should consult for details on affected versions, patches, or mitigation guidance.

EU & UK References

Vulnerability details

In vowifi service, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed.

CWE(s)
None listed

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Command injection in network-accessible VoWiFi service directly enables remote exploitation of public-facing apps (T1190) and results in unauthenticated privilege escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

Affected Assets

Unisoc
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mandates information input validation and error handling at input points to prevent command injection vulnerabilities like CVE-2025-31715.

prevent

Requires timely identification, reporting, and correction of system flaws, enabling patching of the specific command injection vulnerability in the VoWiFi service.

prevent

Enforces information input restrictions at system boundaries, complementing validation to block malformed inputs that could lead to command injection in the VoWiFi service.

References