IMS
by Modem
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-71255 | Hig | 0.49 | 7.5 | 0.00 | May 6, 2026 | In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | ||
| CVE-2025-48219 | Low | 0.23 | 3.5 | 0.00 | May 18, 2025 | O2 UK before 2025-05-19 allows subscribers to determine the Cell ID of other subscribers by initiating an IMS (IP Multimedia Subsystem) call and then reading the utran-cell-id-3gpp field of a Cellular-Network-Info SIP header, aka an ECI (E-UTRAN Cell Identity) leak. The Cell ID… | ||
| CVE-2022-45527 | 0.00 | — | 0.01 | Feb 8, 2023 | File upload vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows unauthorized attackers to directly upload malicious files to the courseimg directory. | |||
| CVE-2022-45526 | 0.00 | — | 0.01 | Feb 8, 2023 | SQL Injection vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows attackers to execute arbitrary commands via the ad parameter to /admin_area/login_transfer.php. | |||
| CVE-2022-26472 | 0.00 | — | 0.00 | Oct 7, 2022 | In ims, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07319095; Issue ID: ALPS07319095. |
- risk 0.49cvss 7.5epss 0.00
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
- risk 0.23cvss 3.5epss 0.00
O2 UK before 2025-05-19 allows subscribers to determine the Cell ID of other subscribers by initiating an IMS (IP Multimedia Subsystem) call and then reading the utran-cell-id-3gpp field of a Cellular-Network-Info SIP header, aka an ECI (E-UTRAN Cell Identity) leak. The Cell ID…
- CVE-2022-45527Feb 8, 2023risk 0.00cvss —epss 0.01
File upload vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows unauthorized attackers to directly upload malicious files to the courseimg directory.
- CVE-2022-45526Feb 8, 2023risk 0.00cvss —epss 0.01
SQL Injection vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows attackers to execute arbitrary commands via the ad parameter to /admin_area/login_transfer.php.
- CVE-2022-26472Oct 7, 2022risk 0.00cvss —epss 0.00
In ims, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07319095; Issue ID: ALPS07319095.