CVE-2025-71253
Published: 06 May 2026
Summary
CVE-2025-71253 is a high-severity an unspecified weakness vulnerability in Google Android. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 21.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-71253 is an improper input validation vulnerability in Modem IMS, a component likely associated with Unisoc modem implementations. Published on 2026-05-06, it enables remote denial of service without requiring additional execution privileges. The issue carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), highlighting its potential for high-impact availability disruption.
Attackers can exploit this vulnerability remotely over the network with low complexity, no privileges, and no user interaction required. Any unauthenticated remote actor capable of sending malformed input to the affected Modem IMS component could trigger the denial of service, rendering the service unavailable and potentially impacting device connectivity or telephony functions.
Unisoc has published a product security bulletin addressing this vulnerability at https://www.unisoc.com/en/support/product-security-bulletin/2051836844671422466, which security practitioners should consult for details on patches, workarounds, or mitigation guidance.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-209651
Vulnerability details
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Improper input validation in network-accessible Modem IMS component directly enables remote application/system exploitation resulting in endpoint denial of service (T1499.004).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly enforces proper validation of network inputs to the Modem IMS component, preventing malformed inputs from triggering remote denial of service.
Provides specific protections against denial-of-service events like the remote DoS exploitation possible via this improper input validation vulnerability.
Ensures timely identification, reporting, and patching of the improper input validation flaw in Modem IMS as detailed in the Unisoc security bulletin.