CVE-2025-71255: Modem IMS Vulnerability Exposes Devices to Remote DoS
The National Vulnerability Database has disclosed CVE-2025-71255, a critical vulnerability within Modem IMS that could lead to remote denial of service (DoS). This flaw, stemming from improper input validation, carries a high CVSS score of 7.5, underscoring its significant impact potential.
Attackers require no special execution privileges to exploit this vulnerability. The lack of authentication or authorization requirements makes it particularly dangerous, allowing unauthenticated remote attackers to trigger a DoS condition. While specific affected products are not detailed by the National Vulnerability Database, the broad mention of “Modem IMS” suggests a wide array of devices could be susceptible.
For defenders, this is a clear signal to scrutinize all devices utilizing Modem IMS for potential exposure. The attacker’s calculus here is simple: low effort, high impact. They can disrupt services remotely without needing to bypass complex security controls. The strategic implication for CISOs is the need to identify and isolate these vulnerable components, especially in critical infrastructure or any system where availability is paramount.
What This Means For You
- If your organization relies on devices with Modem IMS functionality, this vulnerability presents a direct threat to service availability. You need to identify all such assets immediately and monitor for vendor-specific patches for CVE-2025-71255. Prioritize patching or isolating these systems to prevent remote denial of service attacks.
Related ATT&CK Techniques
🛡️ Detection Rules
1 rule · 6 SIEM formats1 detection rule auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2025-71255: Modem IMS Remote DoS via Improper Input Validation
title: CVE-2025-71255: Modem IMS Remote DoS via Improper Input Validation
id: scw-2026-05-06-ai-1
status: experimental
level: high
description: |
This rule detects potential exploitation attempts targeting CVE-2025-71255. The vulnerability lies in improper input validation within Modem IMS, allowing for remote Denial of Service. This detection looks for specific, malformed query parameters that are indicative of an attempt to trigger this vulnerability. The presence of these parameters in web server logs suggests an attacker is probing or exploiting the vulnerable IMS component.
author: SCW Feed Engine (AI-generated)
date: 2026-05-06
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2025-71255/
tags:
- attack.impact
- attack.t1499
logsource:
category: webserver
detection:
selection:
cs-uri-query|contains:
- 'invalid_ims_parameter='
- 'malformed_data='
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2025-71255 | DoS | Modem IMS |
| CVE-2025-71255 | DoS | Improper Input Validation |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 06, 2026 at 05:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-7573 — An authorization bypass (CWE-639) in the GetUserRoles gRPC
CVE-2026-7573 — An authorization bypass (CWE-639) in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve...
CVE-2026-7572 — Denial of Service
CVE-2026-7572 — An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local...
CVE-2025-71256: nr Modem DoS Vulnerability Poses High Risk
CVE-2025-71256 — In nr modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges...