CVE-2025-21480

Warnung

Medienbericht

EPSS 1.98%
Veröffentlicht 03.06.2025 05:53:00
Zuletzt bearbeitet 04.06.2025 17:24:26
Quelle product-security@qualcomm.com
Teams Watchlist Login
Unerledigt Login

Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

Betroffene Produkte Warnungen 1 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Qualcomm ≫ Aqt1000 Firmware Version-

Qualcomm ≫ Aqt1000 Version-

Qualcomm ≫ Fastconnect 6200 Firmware Version-

Qualcomm ≫ Fastconnect 6200 Version-

Qualcomm ≫ Fastconnect 6700 Firmware Version-

Qualcomm ≫ Fastconnect 6700 Version-

Qualcomm ≫ Fastconnect 6800 Firmware Version-

Qualcomm ≫ Fastconnect 6800 Version-

Qualcomm ≫ Fastconnect 6900 Firmware Version-

Qualcomm ≫ Fastconnect 6900 Version-

Qualcomm ≫ Fastconnect 7800 Firmware Version-

Qualcomm ≫ Fastconnect 7800 Version-

Qualcomm ≫ Qca6391 Firmware Version-

Qualcomm ≫ Qca6391 Version-

Qualcomm ≫ Qcm4490 Firmware Version-

Qualcomm ≫ Qcm4490 Version-

Qualcomm ≫ Qcs4490 Firmware Version-

Qualcomm ≫ Qcs4490 Version-

Qualcomm ≫ Sc8380xp Firmware Version-

Qualcomm ≫ Sc8380xp Version-

Qualcomm ≫ Sd855 Firmware Version-

Qualcomm ≫ Sd855 Version-

Qualcomm ≫ Sm4635 Firmware Version-

Qualcomm ≫ Sm4635 Version-

Qualcomm ≫ Sm6250 Firmware Version-

Qualcomm ≫ Sm6250 Version-

Qualcomm ≫ Sm6650 Firmware Version-

Qualcomm ≫ Sm6650 Version-

Qualcomm ≫ Sm6650p Firmware Version-

Qualcomm ≫ Sm6650p Version-

Qualcomm ≫ Sm7325p Firmware Version-

Qualcomm ≫ Sm7325p Version-

Qualcomm ≫ Sm7635 Firmware Version-

Qualcomm ≫ Sm7635 Version-

Qualcomm ≫ Sm7675 Firmware Version-

Qualcomm ≫ Sm7675 Version-

Qualcomm ≫ Sm7675p Firmware Version-

Qualcomm ≫ Sm7675p Version-

Qualcomm ≫ Sm8550p Firmware Version-

Qualcomm ≫ Sm8550p Version-

Qualcomm ≫ Sm8635 Firmware Version-

Qualcomm ≫ Sm8635 Version-

Qualcomm ≫ Sm8635p Firmware Version-

Qualcomm ≫ Sm8635p Version-

Qualcomm ≫ Sm8650q Firmware Version-

Qualcomm ≫ Sm8650q Version-

Qualcomm ≫ Snapdragon 4 Gen 1 Mobile Platform Firmware Version-

Qualcomm ≫ Snapdragon 4 Gen 1 Mobile Platform Version-

Qualcomm ≫ Snapdragon 460 Mobile Platform Firmware Version-

Qualcomm ≫ Snapdragon 460 Mobile Platform Version-

Qualcomm ≫ Snapdragon 480 5g Mobile Platform Firmware Version-

Qualcomm ≫ Snapdragon 480 5g Mobile Platform Version-

Qualcomm ≫ Snapdragon 662 Mobile Platform Firmware Version-

Qualcomm ≫ Snapdragon 662 Mobile Platform Version-

Qualcomm ≫ Snapdragon 680 4g Mobile Platform Firmware Version-

Qualcomm ≫ Snapdragon 680 4g Mobile Platform Version-

Qualcomm ≫ Snapdragon 690 5g Mobile Platform Firmware Version-

Qualcomm ≫ Snapdragon 690 5g Mobile Platform Version-

Qualcomm ≫ Snapdragon 695 5g Mobile Platform Firmware Version-

Qualcomm ≫ Snapdragon 695 5g Mobile Platform Version-

Qualcomm ≫ Snapdragon 720g Mobile Platform Firmware Version-

Qualcomm ≫ Snapdragon 720g Mobile Platform Version-

Qualcomm ≫ Snapdragon 778g 5g Mobile Platform Firmware Version-

Qualcomm ≫ Snapdragon 778g 5g Mobile Platform Version-

Qualcomm ≫ Snapdragon 8 Gen 2 Mobile Platform Firmware Version-

Qualcomm ≫ Snapdragon 8 Gen 2 Mobile Platform Version-

Qualcomm ≫ Snapdragon 8 Gen 3 Mobile Platform Firmware Version-

Qualcomm ≫ Snapdragon 8 Gen 3 Mobile Platform Version-

Qualcomm ≫ Snapdragon 855 Mobile Platform Firmware Version-

Qualcomm ≫ Snapdragon 855 Mobile Platform Version-

Qualcomm ≫ Snapdragon 865 5g Mobile Platform Firmware Version-

Qualcomm ≫ Snapdragon 865 5g Mobile Platform Version-

Qualcomm ≫ Snapdragon 888 5g Mobile Platform Firmware Version-

Qualcomm ≫ Snapdragon 888 5g Mobile Platform Version-

Qualcomm ≫ Snapdragon Ar1 Gen 1 Firmware Version-

Qualcomm ≫ Snapdragon Ar1 Gen 1 Version-

Qualcomm ≫ Snapdragon X55 5g Modem-rf System Firmware Version-

Qualcomm ≫ Snapdragon X55 5g Modem-rf System Version-

Qualcomm ≫ Sxr2230p Firmware Version-

Qualcomm ≫ Sxr2230p Version-

Qualcomm ≫ Sxr2250p Firmware Version-

Qualcomm ≫ Sxr2250p Version-

Qualcomm ≫ Sxr2330p Firmware Version-

Qualcomm ≫ Sxr2330p Version-

Qualcomm ≫ Wcd9341 Firmware Version-

Qualcomm ≫ Wcd9341 Version-

Qualcomm ≫ Wcd9370 Firmware Version-

Qualcomm ≫ Wcd9370 Version-

Qualcomm ≫ Wcd9375 Firmware Version-

Qualcomm ≫ Wcd9375 Version-

Qualcomm ≫ Wcd9378 Firmware Version-

Qualcomm ≫ Wcd9378 Version-

Qualcomm ≫ Wcd9380 Firmware Version-

Qualcomm ≫ Wcd9380 Version-

Qualcomm ≫ Wcd9385 Firmware Version-

Qualcomm ≫ Wcd9385 Version-

Qualcomm ≫ Wcd9390 Firmware Version-

Qualcomm ≫ Wcd9390 Version-

Qualcomm ≫ Wcd9395 Firmware Version-

Qualcomm ≫ Wcd9395 Version-

Qualcomm ≫ Wcn3950 Firmware Version-

Qualcomm ≫ Wcn3950 Version-

Qualcomm ≫ Wcn3988 Firmware Version-

Qualcomm ≫ Wcn3988 Version-

Qualcomm ≫ Wcn6450 Firmware Version-

Qualcomm ≫ Wcn6450 Version-

Qualcomm ≫ Wcn6650 Firmware Version-

Qualcomm ≫ Wcn6650 Version-

Qualcomm ≫ Wcn6755 Firmware Version-

Qualcomm ≫ Wcn6755 Version-

Qualcomm ≫ Wcn7861 Firmware Version-

Qualcomm ≫ Wcn7861 Version-

Qualcomm ≫ Wcn7881 Firmware Version-

Qualcomm ≫ Wcn7881 Version-

Qualcomm ≫ Wsa8810 Firmware Version-

Qualcomm ≫ Wsa8810 Version-

Qualcomm ≫ Wsa8815 Firmware Version-

Qualcomm ≫ Wsa8815 Version-

Qualcomm ≫ Wsa8830 Firmware Version-

Qualcomm ≫ Wsa8830 Version-

Qualcomm ≫ Wsa8832 Firmware Version-

Qualcomm ≫ Wsa8832 Version-

Qualcomm ≫ Wsa8835 Firmware Version-

Qualcomm ≫ Wsa8835 Version-

Qualcomm ≫ Wsa8840 Firmware Version-

Qualcomm ≫ Wsa8840 Version-

Qualcomm ≫ Wsa8845 Firmware Version-

Qualcomm ≫ Wsa8845 Version-

Qualcomm ≫ Wsa8845h Firmware Version-

Qualcomm ≫ Wsa8845h Version-

03.06.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability

Schwachstelle

Multiple Qualcomm chipsets contain an incorrect authorization vulnerability. This vulnerability allows for memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

Beschreibung

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.98%	0.83

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
product-security@qualcomm.com	8.6	1.8	6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://www.heise.de/news/Patchday-Android-Angreifer-koennen-sich-hoehere-Rechte-verschaffen-10424643.html

Medienbericht

heise Security

https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-21480

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-21480

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-21480

EUVD