7.8

CVE-2025-21469

Memory corruption while processing image encoding, when input buffer length is 0 in IOCTL call.

Data is provided by the National Vulnerability Database (NVD)
QualcommQcm5430 Firmware Version-
   QualcommQcm5430 Version-
QualcommQcm6490 Firmware Version-
   QualcommQcm6490 Version-
QualcommQcs5430 Firmware Version-
   QualcommQcs5430 Version-
QualcommQcs6490 Firmware Version-
   QualcommQcs6490 Version-
QualcommSc8380xp Firmware Version-
   QualcommSc8380xp Version-
QualcommSc8280xp-abbb Firmware Version-
   QualcommSc8280xp-abbb Version-
QualcommWcd9370 Firmware Version-
   QualcommWcd9370 Version-
QualcommWcd9375 Firmware Version-
   QualcommWcd9375 Version-
QualcommWcd9380 Firmware Version-
   QualcommWcd9380 Version-
QualcommWcd9385 Firmware Version-
   QualcommWcd9385 Version-
QualcommWsa8830 Firmware Version-
   QualcommWsa8830 Version-
QualcommWsa8835 Firmware Version-
   QualcommWsa8835 Version-
QualcommWsa8840 Firmware Version-
   QualcommWsa8840 Version-
QualcommWsa8845 Firmware Version-
   QualcommWsa8845 Version-
QualcommWsa8845h Firmware Version-
   QualcommWsa8845h Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.01% 0.016
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
product-security@qualcomm.com 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.