CVE-2025-21476

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-21476
Memory corruption when passing parameters to the Trusted Virtual Machine during the handshake.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:qualcomm:qcs6490_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qcs6490:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:qualcomm:qcs8550_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qcs8550:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:qualcomm:qcs9100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qcs9100:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:qualcomm:sg8275_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sg8275:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:qualcomm:sg8275p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sg8275p:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:qualcomm:sm6650_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sm6650:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:qualcomm:sm7635_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sm7635:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:qualcomm:sm7675_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sm7675:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:qualcomm:sm7675p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sm7675p:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:qualcomm:sm8550_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sm8550:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:qualcomm:sm8550p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sm8550p:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:qualcomm:sm8635_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sm8635:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:qualcomm:sm8635p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sm8635p:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:qualcomm:sm8650_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sm8650:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:qualcomm:sm8650p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sm8650p:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:qualcomm:sm8650q_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sm8650q:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:qualcomm:sm8750_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sm8750:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:qualcomm:sm8750p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sm8750p:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:qualcomm:sxr2330p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sxr2330p:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca6391:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:qualcomm:qca6698aq_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca6698aq:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:qualcomm:qcn9011_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qcn9011:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:qualcomm:qcn9012_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qcn9012:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:qualcomm:qcn9274_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qcn9274:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:qualcomm:wcn3910_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcn3910:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcn3950:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND
cpe:2.3:o:qualcomm:wcn6650_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcn6650:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND
cpe:2.3:o:qualcomm:wcn6750_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcn6750:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND
cpe:2.3:o:qualcomm:wcn6755_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcn6755:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND
cpe:2.3:o:qualcomm:wcn6855_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcn6855:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND
cpe:2.3:o:qualcomm:wcn6856_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcn6856:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND
cpe:2.3:o:qualcomm:wcn7850_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcn7850:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND
cpe:2.3:o:qualcomm:wcn7851_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcn7851:-:*:*:*:*:*:*:*

Configuration 34 (hide)

AND
cpe:2.3:o:qualcomm:wcn7860_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcn7860:-:*:*:*:*:*:*:*

Configuration 35 (hide)

AND
cpe:2.3:o:qualcomm:wcn7861_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcn7861:-:*:*:*:*:*:*:*

Configuration 36 (hide)

AND
cpe:2.3:o:qualcomm:wcn7880_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcn7880:-:*:*:*:*:*:*:*

Configuration 37 (hide)

AND
cpe:2.3:o:qualcomm:wcn7881_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcn7881:-:*:*:*:*:*:*:*

Configuration 38 (hide)

AND
cpe:2.3:o:qualcomm:qcm5430_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qcm5430:-:*:*:*:*:*:*:*

Configuration 39 (hide)

AND
cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qcm6490:-:*:*:*:*:*:*:*

Configuration 40 (hide)

AND
cpe:2.3:o:qualcomm:qcm8550_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qcm8550:-:*:*:*:*:*:*:*

Configuration 41 (hide)

AND
cpe:2.3:o:qualcomm:qcs5430_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qcs5430:-:*:*:*:*:*:*:*

Configuration 42 (hide)

AND
cpe:2.3:o:qualcomm:qcs615_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qcs615:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2025-09-24 16:15

Updated : 2025-09-25 16:08

NVD link : CVE-2025-21476

Mitre link : CVE-2025-21476

CVE.ORG link : CVE-2025-21476

JSON object : View

Products Affected

qualcomm

  • wcn6750_firmware
  • wcn7851_firmware
  • sm7675p
  • wcn7860
  • sg8275p
  • wcn6855_firmware
  • wcn7880
  • wcn7881_firmware
  • qcs6490
  • wcn6856
  • sxr2330p_firmware
  • qcn9274_firmware
  • sm8550p_firmware
  • sm7675p_firmware
  • sm8550_firmware
  • wcn7850
  • wcn7860_firmware
  • wcn6650_firmware
  • sm7675_firmware
  • qcm6490
  • sm8750p
  • sm8750
  • sm8635_firmware
  • qcs6490_firmware
  • sm8550
  • wcn7881
  • wcn6650
  • qca6391
  • qcm8550_firmware
  • sg8275_firmware
  • sm8650p
  • wcn6856_firmware
  • qcs9100
  • sm8650p_firmware
  • qcs615_firmware
  • sm8650q_firmware
  • qcm5430
  • qcs8550_firmware
  • qcs5430
  • qca6698aq_firmware
  • sg8275
  • wcn7880_firmware
  • qca6698aq
  • wcn3910
  • qcm8550
  • wcn7850_firmware
  • wcn6855
  • wcn7851
  • sm8550p
  • qca6391_firmware
  • sm7635_firmware
  • wcn3950_firmware
  • sm8650_firmware
  • qcm5430_firmware
  • qcs615
  • qcn9011
  • qcs9100_firmware
  • sxr2330p
  • sm6650
  • wcn7861_firmware
  • sm8750_firmware
  • wcn7861
  • qcn9012_firmware
  • qcs5430_firmware
  • wcn6755_firmware
  • sm8635
  • sm8635p
  • sg8275p_firmware
  • sm7675
  • qcn9274
  • qcm6490_firmware
  • qcn9012
  • sm8635p_firmware
  • sm6650_firmware
  • qcn9011_firmware
  • sm7635
  • wcn3910_firmware
  • qcs8550
  • sm8750p_firmware
  • wcn6755
  • wcn3950
  • sm8650q
  • sm8650
  • wcn6750
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')