CVE-2025-61613 is a vulnerability identified in the NR (New Radio) modem firmware of Unisoc (Shanghai) Technologies Co., Ltd.'s T8100, T9100, T8200, and T8300 chipsets. These chipsets are integrated into various mobile devices running Android versions 13 through 16. The root cause is improper input validation (classified under CWE-20), which allows malformed or unexpected input to cause a system crash in the modem subsystem. This crash leads to a denial of service condition remotely exploitable over the network without requiring any authentication or user interaction. The CVSS v3.1 score of 7.5 reflects a high severity, driven by the network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and impact limited to availability (A:H) without affecting confidentiality or integrity. The vulnerability could disrupt mobile communications by causing the modem to crash, potentially leading to dropped calls, loss of data connectivity, or device instability. No patches or mitigations have been published yet, and no known exploits are reported in the wild. The vulnerability affects a broad range of Android versions, indicating a wide potential attack surface. Given the critical role of modems in mobile devices, this vulnerability represents a significant risk to device availability and service continuity.

The primary impact of CVE-2025-61613 is a remote denial of service on devices using affected Unisoc chipsets, which can cause system crashes in the modem component. This can lead to loss of cellular connectivity, dropped calls, interrupted data sessions, and overall device instability. For organizations relying on mobile communications, this could disrupt business operations, especially in sectors dependent on mobile data or voice services such as telecommunications, emergency services, and IoT deployments. The ease of exploitation (no privileges or user interaction required) increases the risk of widespread attacks, potentially targeting large numbers of devices simultaneously. Although confidentiality and integrity are not directly impacted, the availability disruption can have cascading effects on critical communications and services. The lack of patches increases exposure time, and the broad Android version coverage means many devices remain vulnerable. This could also affect mobile network operators due to increased support calls and potential network congestion from repeated crashes.

1. Network-Level Filtering: Implement firewall rules and intrusion prevention systems to detect and block malformed NR modem traffic patterns that could trigger the crash. 2. Monitoring and Anomaly Detection: Deploy monitoring tools to detect unusual modem behavior or repeated crashes indicative of exploitation attempts. 3. Device Hardening: Disable unnecessary modem features or services if possible to reduce the attack surface. 4. Vendor Coordination: Engage with Unisoc and device manufacturers to prioritize development and deployment of firmware patches addressing the input validation flaw. 5. Update Management: Prepare for rapid deployment of patches once available by maintaining an inventory of affected devices and their firmware versions. 6. User Awareness: Inform users about potential connectivity issues and encourage reporting of unusual device behavior. 7. Network Segmentation: For enterprise environments using mobile devices, segment critical systems from vulnerable devices to limit impact. 8. Alternative Connectivity: Establish fallback communication methods to maintain operations during potential outages caused by exploitation.