CVE-2025-21457

nvd nist

Published: Aug 6, 2025Modified: Aug 19, 2025

6.1

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

Exploitability: 1.8 / Impact: 4.2

Source: product-security@qualcomm.com (Secondary)

Description

Information disclosure while opening a fastrpc session when domain is not sanitized.

Affected (15)

Products: Qualcomm: Ar8035 Firmware, Fastconnect 7800 Firmware, Qca6584au Firmware, Qca6698aq Firmware, Qca8081 Firmware, Qca8337 Firmware, Qcc710 Firmware, Qcn6224 Firmware, Qcn6274 Firmware, Qfw7114 Firmware, Qfw7124 Firmware, Snapdragon Auto 5g Modem Rf Gen 2 Firmware, Snapdragon X72 5g Modem Rf System Firmware, Snapdragon X75 5g Modem Rf System Firmware, Wcd9340 Firmware

Qualcomm

15 products

Ar8035 Firmware

Fastconnect 7800 Firmware

Snapdragon Auto 5g Modem Rf Gen 2 Firmware

Snapdragon X72 5g Modem Rf System Firmware

Snapdragon X75 5g Modem Rf System Firmware

Wcd9340 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Ar8035 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Ar8035	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Fastconnect 7800 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Fastconnect 7800	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca6584au Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca6584au	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca6698aq Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca6698aq	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca8081 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca8081	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca8337 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca8337	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qcc710 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qcc710	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qcn6224 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qcn6224	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qcn6274 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qcn6274	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qfw7114 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qfw7114	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qfw7124 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qfw7124	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon Auto 5g Modem Rf Gen 2 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon Auto 5g Modem Rf Gen 2	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon X72 5g Modem Rf System Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon X72 5g Modem Rf System	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon X75 5g Modem Rf System Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon X75 5g Modem Rf System	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcd9340 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcd9340	All versions

Related CWEs

CWE-126

Buffer Over-read

The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

References (1)

https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2025-bulletin.html

Source: product-security@qualcomm.com

PatchVendor Advisory

Timeline

No history available yet.