CVE-2025-31718

Vulnerability

Overview

CVE-2025-31718 is an improper input validation vulnerability (CWE-20) in the modem component of multiple Unisoc chipsets. The flaw resides in how the modem processes network input, where insufficient validation can trigger a system crash. This vulnerability affects chipsets including T606, T612, T616, T750, T765, T760, T770, T820, S8000, T8300, and T9300, across Android versions 13 through 16 [1].

Exploitation

Conditions

The vulnerability is remotely exploitable over the network without any authentication or user interaction. An attacker can send specially crafted network packets to the target device's modem, leveraging the network access vector (AV:N) and low attack complexity (AC:L). No privileges are required (PR:N), and no user interaction is needed (UI:N) [1].

Impact

Successful exploitation leads to a system crash, resulting in a denial of service (availability impact rated High). According to the official description, this crash could also enable remote escalation of privilege, although the CVSS vector indicates no direct confidentiality or integrity impact. The overall CVSS v3.1 score is 7.5 (High) [1].

Mitigation

Unisoc has released an advisory (referenced in [1]) detailing the affected chipsets and software versions. Device OEMs are advised to contact Unisoc for the latest patch information and to apply updates to affected modem firmware. No workarounds are mentioned; patching is the recommended mitigation.