CVE-2025-21457

CVE Database · CVE-2025-21457

· MEDIUMAnalyzed

CVSS v3.1

6.1

EPSS

0.08%

Published

Aug 6, 2025

Modified

Aug 19, 2025

Public PoC / Exploit

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Information disclosure while opening a fastrpc session when domain is not sanitized.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

Weaknesses (CWE)

CWE-126

Affected Products (30)

qualcomm · ar8035_firmwarevulnerable

qualcomm · ar8035

qualcomm · fastconnect_7800_firmwarevulnerable

qualcomm · fastconnect_7800

qualcomm · qca6584au_firmwarevulnerable

qualcomm · qca6584au

qualcomm · qca6698aq_firmwarevulnerable

qualcomm · qca6698aq

qualcomm · qca8081_firmwarevulnerable

qualcomm · qca8081

qualcomm · qca8337_firmwarevulnerable

References (1)

PatchVendor Advisory