CVE-2025-61615 is a vulnerability identified in the NR modem firmware of Unisoc (Shanghai) Technologies Co., Ltd. chipsets T8100, T9100, T8200, and T8300. These chipsets are integrated into various Android devices running versions 13 through 16. The root cause is improper input validation (CWE-20) within the modem's handling of incoming data, which can be maliciously crafted to trigger a system crash. This crash leads to a remote denial of service (DoS) condition, disrupting modem operations and thereby affecting cellular connectivity and device availability. The vulnerability can be exploited remotely over the network without requiring any privileges or user interaction, increasing its risk profile. The CVSS v3.1 base score is 7.5, indicating a high severity primarily due to the network attack vector, low attack complexity, and no need for privileges or user interaction. However, the impact is limited to availability, with no direct compromise of confidentiality or integrity. No patches or mitigations have been officially released yet, and no active exploitation has been reported. The flaw is significant because the affected chipsets are widely used in mid-range and budget smartphones, particularly in Asian markets, making a large population of devices potentially vulnerable to service disruption.

The primary impact of CVE-2025-61615 is a remote denial of service on devices using affected Unisoc chipsets, leading to system crashes of the NR modem. This can cause loss of cellular connectivity, dropped calls, inability to access mobile data, and overall device unavailability for communication. For organizations, this could disrupt critical mobile communications, especially for employees relying on affected devices for business operations or remote work. The vulnerability does not allow data theft or privilege escalation, but the loss of availability can affect emergency services, mobile banking, and other essential services dependent on cellular networks. Large-scale exploitation could lead to widespread service outages in regions where these chipsets are prevalent. The lack of required authentication and user interaction makes the attack easier to execute remotely, increasing the threat to mobile users globally. However, the absence of known exploits in the wild currently limits immediate risk, though this could change once exploit code becomes available.

Organizations and users should monitor Unisoc and device manufacturers for official patches addressing this vulnerability and apply them promptly once available. In the interim, network operators can implement filtering and anomaly detection to identify and block malformed NR modem traffic that could trigger the crash. Device administrators should restrict exposure of vulnerable devices to untrusted networks, especially public Wi-Fi or untrusted cellular networks, to reduce attack surface. Employing mobile device management (MDM) solutions to control device network access and update policies can help mitigate risk. Additionally, users should avoid installing untrusted applications or connecting to suspicious networks that might facilitate exploitation. Security teams should prepare incident response plans for potential denial of service scenarios affecting mobile communications. Collaboration with mobile carriers to monitor unusual traffic patterns targeting Unisoc chipsets could provide early warning of exploitation attempts.