CVE-2025-61611
Published: 09 March 2026
Summary
CVE-2025-61611 is a high-severity Improper Input Validation (CWE-20) vulnerability in Linuxfoundation Yocto. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 32.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-61611 is an improper input validation vulnerability in the modem component, as described in its NVD entry published on 2026-03-09. The flaw, mapped to CWE-20 (Improper Input Validation) and noted with NVD-CWE-noinfo, carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). It affects modem implementations, with a vendor advisory published by Unisoc.
The vulnerability enables a remote denial of service attack with no additional execution privileges required. An unauthenticated attacker on the network can exploit it with low attack complexity and no user interaction, achieving high impact on system availability while causing no impact to confidentiality or integrity.
Mitigation details are available in the Unisoc security announcement at https://www.unisoc.com/en/support/announcement/2030931350138310657.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-208384
Vulnerability details
In modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed..
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Improper input validation in modem enables remote unauthenticated exploitation causing endpoint DoS (availability impact only).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly enforces proper validation of inputs to the modem component, preventing exploitation of the improper input validation vulnerability leading to remote DoS.
Provides denial-of-service protection mechanisms that limit the impact of remote unauthenticated attacks exploiting the modem vulnerability to disrupt system availability.
Requires timely identification, reporting, and remediation of the specific flaw in the modem, addressing the published CVE through patching or compensating controls.