Security Bulletin
Summary
- Security CVES
- High CVE-2025-31718,CVE-2025-31717
Minutia
- CVE ID CVE-2025-31718
- Title Improper Input Validation in modem
- Description
In modem, there is a possible system crash due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed.
- Technology Area Modem
- Vulnerability Type CWE-20 Improper Input Validation
- Access Vector Network
- CVSS Rating High
- CVSS Score 7.5
- CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Affected Chipsets*
T606/T612/T616/T750/T765/T760/T770/T820/S8000/T8300/T9300
- Affected Software Versions
Android13/Android14/Android15/Android16
- CVE ID CVE-2025-31717
- Title Improper Input Validation in modem
- Description
In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
- Technology Area Modem
- Vulnerability Type CWE-20 Improper Input Validation
- Access Vector Network
- CVSS Rating High
- CVSS Score 7.5
- CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Affected Chipsets*
T750/T765/T760/T770/T820/S8000/T8300/T9300
- Affected Software Versions
Android13/Android14/Android15/Android16
*The list of affected chipsets may not be complete. For latest information, device OEMs can contact directly at https://unisupport.unisoc.com
Vulnerability type definition
- Abbreviation Interpretation
- RCE Remote Code Execution
- EoP Elevation of Privilege
- ID Information Disclosure
- DoS Denial of Service
- N/A Classification not available
Version
- Version Date Description
- 1.0 2025-10-01