CVE-2025-71256
Published: 06 May 2026
Summary
CVE-2025-71256 is a high-severity an unspecified weakness vulnerability in Google Android. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 21.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-71256 is a vulnerability involving improper input validation in the nr modem. This issue affects the nr modem component and was published on 2026-05-06T02:16:05.213 with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
A remote attacker with no privileges or user interaction required can exploit this vulnerability over the network with low attack complexity. Successful exploitation leads to a denial of service, resulting in high impact to availability with no impact to confidentiality or integrity.
Unisoc has published a product security bulletin addressing this vulnerability at https://www.unisoc.com/en/support/product-security-bulletin/2051836844671422466.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-209657
Vulnerability details
In nr modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote improper input validation in modem component directly enables application/system exploitation for DoS (A:H impact).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
SI-10 directly mandates comprehensive input validation to prevent malformed inputs from crashing the NR modem and causing remote denial of service.
SC-5 employs denial-of-service protection at network entry points to block or limit exploitation attempts targeting the NR modem's input validation flaw.
SI-2 ensures flaws like the NR modem input validation vulnerability are identified, prioritized, and remediated through patching per the vendor bulletin.