CVE-2025-21476

Unknown Unknown - Not Provided

BaseFortify

Publication date: 2025-09-24

Last updated on: 2025-09-25

Assigner: Qualcomm, Inc.

Description

Memory corruption when passing parameters to the Trusted Virtual Machine during the handshake.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2025-09-24

Last Modified

2025-09-25

Generated

2026-05-07

AI Q&A

2025-09-24

EPSS Evaluated

2026-05-05

NVD

CVE-2025-21476

Affected Vendors & Products

Vendor	Product	Version / Range
qualcomm	qcs6490_firmware	*
qualcomm	qcs6490	*
qualcomm	qcs8550_firmware	*
qualcomm	qcs8550	*
qualcomm	qcs9100_firmware	*
qualcomm	qcs9100	*
qualcomm	sg8275_firmware	*
qualcomm	sg8275	*
qualcomm	sg8275p_firmware	*
qualcomm	sg8275p	*
qualcomm	sm6650_firmware	*
qualcomm	sm6650	*
qualcomm	sm7635_firmware	*
qualcomm	sm7635	*
qualcomm	sm7675_firmware	*
qualcomm	sm7675	*
qualcomm	sm7675p_firmware	*
qualcomm	sm7675p	*
qualcomm	sm8550_firmware	*
qualcomm	sm8550	*
qualcomm	sm8550p_firmware	*
qualcomm	sm8550p	*
qualcomm	sm8635_firmware	*
qualcomm	sm8635	*
qualcomm	sm8635p_firmware	*
qualcomm	sm8635p	*
qualcomm	sm8650_firmware	*
qualcomm	sm8650	*
qualcomm	sm8650p_firmware	*
qualcomm	sm8650p	*
qualcomm	sm8650q_firmware	*
qualcomm	sm8650q	*
qualcomm	sm8750_firmware	*
qualcomm	sm8750	*
qualcomm	sm8750p_firmware	*
qualcomm	sm8750p	*
qualcomm	sxr2330p_firmware	*
qualcomm	sxr2330p	*
qualcomm	qca6391_firmware	*
qualcomm	qca6391	*
qualcomm	qca6698aq_firmware	*
qualcomm	qca6698aq	*
qualcomm	qcn9011_firmware	*
qualcomm	qcn9011	*
qualcomm	qcn9012_firmware	*
qualcomm	qcn9012	*
qualcomm	qcn9274_firmware	*
qualcomm	qcn9274	*
qualcomm	wcn3910_firmware	*
qualcomm	wcn3910	*
qualcomm	wcn3950_firmware	*
qualcomm	wcn3950	*
qualcomm	wcn6650_firmware	*
qualcomm	wcn6650	*
qualcomm	wcn6750_firmware	*
qualcomm	wcn6750	*
qualcomm	wcn6755_firmware	*
qualcomm	wcn6755	*
qualcomm	wcn6855_firmware	*
qualcomm	wcn6855	*
qualcomm	wcn6856_firmware	*
qualcomm	wcn6856	*
qualcomm	wcn7850_firmware	*
qualcomm	wcn7850	*
qualcomm	wcn7851_firmware	*
qualcomm	wcn7851	*
qualcomm	wcn7860_firmware	*
qualcomm	wcn7860	*
qualcomm	wcn7861_firmware	*
qualcomm	wcn7861	*
qualcomm	wcn7880_firmware	*
qualcomm	wcn7880	*
qualcomm	wcn7881_firmware	*
qualcomm	wcn7881	*
qualcomm	qcm5430_firmware	*
qualcomm	qcm5430	*
qualcomm	qcm6490_firmware	*
qualcomm	qcm6490	*
qualcomm	qcm8550_firmware	*
qualcomm	qcm8550	*
qualcomm	qcs5430_firmware	*
qualcomm	qcs5430	*
qualcomm	qcs615_firmware	*
qualcomm	qcs615	*

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-120	The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

Attack-Flow Graph

AI Powered Q&A

Can you explain this vulnerability to me?

This vulnerability is a memory corruption issue that occurs when parameters are passed to the Trusted Virtual Machine during the handshake process.

How can this vulnerability impact me? :

The vulnerability can lead to high impact on confidentiality, integrity, and availability, potentially allowing an attacker with low privileges and local access to cause significant damage or unauthorized access.

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

CVE-2025-21476

BaseFortify

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Powered Q&A

Ask Our AI Assistant

EPSS Chart