CVE-2025-69278
Published: 09 March 2026
Summary
CVE-2025-69278 is a high-severity Improper Input Validation (CWE-20) vulnerability in Google Android. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 46.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-69278 is a vulnerability in the NR modem component due to improper input validation, which can cause a system crash. This issue affects Unisoc's NR modem software and was published on 2026-03-09 with a CVSS v3.1 base score of 7.5 (High), mapped to CWE-20 (Improper Input Validation) and NVD-CWE-noinfo.
The vulnerability enables a remote denial-of-service attack with no additional execution privileges needed. Per the CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), an attacker can exploit it over the network with low attack complexity, no user interaction, and no privileges, resulting in high-impact availability disruption through system crashes but no confidentiality or integrity effects.
Unisoc has issued a support announcement detailing the issue at https://www.unisoc.com/en/support/announcement/2030931350138310657.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-208393
Vulnerability details
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Improper input validation enables remote exploitation leading to endpoint system crash (DoS).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates the improper input validation vulnerability in the NR modem by enforcing input validation at network entry points to prevent system crashes.
Provides denial-of-service protection mechanisms to block or limit the remote network-based attacks that trigger the NR modem crash.
Ensures timely flaw remediation through patching the specific improper input validation issue in the Unisoc NR modem software.