Modem IMS DoS Vulnerability (CVE-2025-71254) Poses Remote Threat
The National Vulnerability Database has disclosed CVE-2025-71254, a high-severity vulnerability (CVSS 7.5) in Modem IMS. This flaw stems from improper input validation, allowing a remote attacker to trigger a denial-of-service (DoS) condition without requiring any additional execution privileges.
This is a critical issue for any organization relying on affected Modem IMS infrastructure. The ability to remotely shut down critical communication components with minimal effort represents a significant operational risk. Attackers can leverage this for disruptive campaigns, extortion, or as a diversion for more sophisticated attacks.
While the National Vulnerability Database has not specified affected products, the broad implications of a modem-level DoS vulnerability demand immediate attention. Defenders need to identify all Modem IMS deployments within their environment and prepare for potential patching or mitigation strategies as soon as vendor advisories become available. Assume your modems are targets.
What This Means For You
- If your organization utilizes Modem IMS, you are exposed to remote denial-of-service. This isn't just an inconvenience; it can take down critical communications. Prepare to identify all Modem IMS instances and apply patches immediately when released. Audit your network perimeters for exposed IMS services.
Related ATT&CK Techniques
🛡️ Detection Rules
3 rules · 6 SIEM formats3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2025-71254 - Modem IMS DoS - Malformed IMS Packet
title: CVE-2025-71254 - Modem IMS DoS - Malformed IMS Packet
id: scw-2026-05-06-ai-1
status: experimental
level: high
description: |
Detects potential exploitation of CVE-2025-71254 by looking for a malformed IMS packet indicator in the web server's query string, specifically targeting the denial of service vulnerability in Modem IMS. This rule assumes a hypothetical indicator within the request that signifies the malformed packet leading to DoS.
author: SCW Feed Engine (AI-generated)
date: 2026-05-06
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2025-71254/
tags:
- attack.impact
- attack.t1499
logsource:
category: webserver
detection:
selection:
cs-uri-query|contains:
- 'IMSPacketMalformed'
cs-method:
- 'POST'
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2025-71254 | DoS | Modem IMS |
| CVE-2025-71254 | DoS | Improper Input Validation |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 06, 2026 at 05:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-7573 — An authorization bypass (CWE-639) in the GetUserRoles gRPC
CVE-2026-7573 — An authorization bypass (CWE-639) in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve...
CVE-2026-7572 — Denial of Service
CVE-2026-7572 — An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local...
CVE-2025-71256: nr Modem DoS Vulnerability Poses High Risk
CVE-2025-71256 — In nr modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges...