CVE-2025-31717

Vulnerability

Overview

CVE-2025-31717 is an improper input validation vulnerability (CWE-20) in the modem component of Unisoc chipsets. The flaw exists because the modem firmware does not properly validate certain network inputs before processing them, which can lead to a system crash. This vulnerability affects multiple Unisoc chipsets including T750, T765, T760, T770, T820, S8000, T8300, and T9300, running Android versions 13 through 16 [1].

Exploitation

The vulnerability is remotely exploitable over the network without requiring any authentication or user interaction. An attacker can send specially crafted network traffic to the modem of an affected device, triggering the input validation flaw. The attack vector is network-based (AV:N) and requires no privileges (PR:N) or user interaction (UI:N), making it accessible to any remote attacker who can reach the device's modem interface [1].

Impact

Successful exploitation leads to a denial of service condition, causing the modem to crash and potentially the entire device to become unresponsive. The CVSS v3.1 score is 7.5 (High) with the impact focused on availability (A:H (High availability impact). There is no impact on confidentiality or integrity. This means an attacker can disrupt service can disrupt device communications and functionality but cannot steal data or modify system files [1].

Mitigation

Unisoc has released security patches for this vulnerability. Device OEMs are advised to contact Unisoc directly for the latest patch information and to update affected firmware. Users should ensure their devices receive the latest security updates from their device manufacturer. The vulnerability is publicly disclosed as of October 2025 [1].