CVE-2025-31714

Vulnerability

Overview CVE-2025-31714 is an improper input validation vulnerability in the Developer Tools component of Unisoc's Android-based software. The issue is classified as CWE-20 (Improper Input Validation) and stems from a missing verification of incorrect input [1]. The component fails to properly sanitize or validate data before processing, enabling an attacker to exploit this flaw.

Exploitation

Conditions Exploitation requires physical access to the device, as the attack vector is local and physical (AV:P). No user authentication is needed (PR:N, UI:N), and the attacker does not require any prior execution privileges [1]. This makes the vulnerability accessible to anyone with brief physical possession of an affected device.

Impact and

Affected Products Successful exploitation could lead to local escalation of privilege, potentially granting the attacker high access to confidentiality, integrity, and availability (C:H/I:H/A:H) [1]. The CVSS v3.1 score is 6.8 (Medium). This vulnerability affects Unisoc chipsets including SL8521E, SL8541E, UIS8141E, and UWS61xx series, running software versions Mocor5, Android 8.1, or Android 9 [1].

Mitigation

Status Unisoc has released a security announcement addressing this CVE [1]. Affected users should apply any available patches from their device vendor or Unisoc. No workarounds are documented; physical access controls should be considered as a compensating measure until patches are applied.