High

Remote Privilege Escalation in Unisoc Modem Input Validation

IdentifiersCVE-2025-31718CWE-20

CVE-2025-31718 is a critical modem vulnerability attributed to improper input validation in a Unisoc modem component. According to the provided description, malformed or unexpected input can trigger a system crash and may also be leveraged for remote escalation of privilege. The available supporting content does not identify the specific vulnerable function, protocol handler, or code path, but it consistently characterizes the root cause as insufficient validation of externally supplied input processed by the modem. The issue is remotely reachable, requires no privileges and no user interaction, and is scored CVSS v3.1 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can allow a remote attacker to escalate privileges in the affected modem environment without prior authentication or existing execution privileges. Based on the provided CVSS vector, the impact is high across confidentiality, integrity, and availability. The flaw can also cause a system crash, so exploitation may result in denial of service in addition to privilege escalation. In practical terms, this may enable compromise of the affected modem component and potentially broader device impact depending on vendor integration and trust boundaries.

Mitigation

If you can’t patch tonight, do this now.

Until patched firmware is deployed, reduce exposure to remotely reachable modem attack surfaces where operationally possible. The provided content specifically recommends strict validation of all user or external inputs, applying input-validation patches, and limiting accepted input length and characters. Because this is a modem-side issue, practical mitigations may be limited for end users; priority should be placed on rapid deployment of vendor/OEM firmware updates and minimizing exposure of affected devices to untrusted network traffic where feasible.

Remediation

Patch, then assume compromise.

Apply the vendor-provided fix or advisory update from Unisoc referenced for CVE-2025-31718. The supporting content indicates remediation should focus on correcting the improper input validation condition in the affected modem component, including strict validation of externally supplied input and enforcing appropriate bounds and character restrictions. Where available, deploy OEM or firmware updates that incorporate the Unisoc patch, including Android vendor security updates at the relevant patch level.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

ACTIVITY FEED

Recent activity

5 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

5 SOURCESView more in app

cyberthroneNews

Dec 2, 2025

Android Patch Update December 2025

High-severity Unisoc modem vulnerability fixed via vendor updates; baseband issues may be reachable via crafted radio traffic depending on implementation.

cvefeed high severityNews

Oct 11, 2025

CVE-2025-31718 - "Linksys Modem Remote Privilege Escalation Vulnerability"

A critical improper input validation vulnerability in a modem, described as causing a possible system crash and enabling remote privilege escalation.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity3

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2025-31718

NVD

nvd.nist.gov/vuln/detail/CVE-2025-31718

MITRE CWE · CWE-20

cwe.mitre.org

unisoc.com

unisoc.com/en/support/announcement/1976557615080263681