CVE-2025-71252: Modem IMS Vulnerability Exposes Remote DoS Risk
The National Vulnerability Database has disclosed CVE-2025-71252, a high-severity vulnerability affecting Modem IMS. This flaw, rated with a CVSS score of 7.5, stems from improper input validation. Attackers can exploit this without needing any execution privileges, leading directly to a remote denial-of-service (DoS) condition.
This isn’t a complex RCE, but a simple DoS can be just as disruptive. For any organization relying on these modem services, a remote DoS attack can cripple communications and business operations. The attacker’s calculus here is straightforward: maximum impact with minimal effort, leveraging a fundamental weakness in input handling.
While the National Vulnerability Database has not specified affected products, the broad mention of “Modem IMS” suggests a potentially wide impact across various telecommunications and IoT infrastructure. Defenders need to recognize that even seemingly basic vulnerabilities like improper input validation can have significant, real-world consequences when they touch critical network components.
What This Means For You
- If your organization utilizes Modem IMS, prioritize identifying specific products and vendors in your environment that might be affected by CVE-2025-71252. Engage your telecom providers and hardware vendors immediately to ascertain exposure and inquire about patches or mitigation strategies for this remote DoS vulnerability.
Related ATT&CK Techniques
🛡️ Detection Rules
2 rules · 6 SIEM formats2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2025-71252: Modem IMS Improper Input Validation DoS Attempt
title: CVE-2025-71252: Modem IMS Improper Input Validation DoS Attempt
id: scw-2026-05-06-ai-1
status: experimental
level: high
description: |
This rule detects attempts to exploit CVE-2025-71252 by targeting a specific URI path associated with the modem IMS vulnerability. The vulnerability allows for remote denial of service due to improper input validation, and this rule looks for the specific POST request pattern that could trigger such an attack.
author: SCW Feed Engine (AI-generated)
date: 2026-05-06
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2025-71252/
tags:
- attack.impact
- attack.t1499
logsource:
category: webserver
detection:
selection:
cs-uri|contains:
- '/ims/v1/dos_exploit'
cs-method:
- 'POST'
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2025-71252 | DoS | Modem IMS |
| CVE-2025-71252 | DoS | Improper Input Validation |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 06, 2026 at 05:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-7573 — An authorization bypass (CWE-639) in the GetUserRoles gRPC
CVE-2026-7573 — An authorization bypass (CWE-639) in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve...
CVE-2026-7572 — Denial of Service
CVE-2026-7572 — An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local...
CVE-2025-71256: nr Modem DoS Vulnerability Poses High Risk
CVE-2025-71256 — In nr modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges...