Modem IMS Vulnerability (CVE-2025-71253) Allows Remote DoS
The National Vulnerability Database has issued an advisory for CVE-2025-71253, a high-severity vulnerability (CVSS 7.5) affecting Modem IMS. This flaw stems from improper input validation, which attackers can exploit to trigger a remote denial-of-service (DoS) condition. No additional execution privileges are required, significantly lowering the bar for exploitation.
This isn’t some theoretical edge case. A remote, unauthenticated DoS is a direct line to operational disruption. For any organization relying on affected Modem IMS infrastructure, this vulnerability represents a critical availability risk. Attackers don’t need to breach your perimeter; they just need to send malformed input to bring down services.
Defenders need to treat this with urgency. While specific affected products weren’t detailed by the National Vulnerability Database, any component utilizing Modem IMS should be scrutinized immediately. The attacker’s calculus here is simple: maximum impact with minimal effort. This is precisely the kind of low-skill, high-reward vulnerability that gets weaponized quickly.
What This Means For You
- If your organization utilizes Modem IMS, you need to identify all instances immediately. Prioritize patching or implementing compensating controls to prevent remote denial-of-service attacks. This isn't a future problem; it's an active threat to your operational continuity.
Related ATT&CK Techniques
🛡️ Detection Rules
2 rules · 6 SIEM formats2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
Modem IMS Improper Input Validation DoS Attempt - CVE-2025-71253
title: Modem IMS Improper Input Validation DoS Attempt - CVE-2025-71253
id: scw-2026-05-06-ai-1
status: experimental
level: high
description: |
Detects attempts to exploit CVE-2025-71253 by sending malformed requests to the Modem IMS interface. The vulnerability lies in improper input validation, allowing for remote denial of service. This rule specifically looks for common parameters used in IMS interactions within the query string of POST requests, which are indicative of an exploit attempt targeting this vulnerability.
author: SCW Feed Engine (AI-generated)
date: 2026-05-06
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2025-71253/
tags:
- attack.impact
- attack.t1499
logsource:
category: webserver
detection:
selection:
cs-uri-query|contains:
- 'IMSI='
- 'IMEI='
cs-method:
- 'POST'
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2025-71253 | DoS | Modem IMS |
| CVE-2025-71253 | DoS | Improper Input Validation |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 06, 2026 at 05:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-7573 — An authorization bypass (CWE-639) in the GetUserRoles gRPC
CVE-2026-7573 — An authorization bypass (CWE-639) in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve...
CVE-2026-7572 — Denial of Service
CVE-2026-7572 — An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local...
CVE-2025-71256: nr Modem DoS Vulnerability Poses High Risk
CVE-2025-71256 — In nr modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges...