CVE-2025-21468

CVE Database · CVE-2025-21468

CVE-2025-21468

· HIGHAnalyzed

CVSS v3.1

7.8

EPSS

0.09%

Published

May 6, 2025

Modified

Aug 11, 2025

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-787

Affected Products (302)

qualcomm · ar8035_firmwarevulnerable

qualcomm · ar8035

qualcomm · csra6620_firmwarevulnerable

qualcomm · csra6620

qualcomm · csra6640_firmwarevulnerable

qualcomm · csra6640

qualcomm · fastconnect_6200_firmwarevulnerable

qualcomm · fastconnect_6200

qualcomm · fastconnect_6700_firmwarevulnerable

qualcomm · fastconnect_6700

qualcomm · wcd9380_firmwarevulnerable

References (1)

https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2025-bulletin.html

PatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs