CVE-2025-27060
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-09

Last updated on: 2025-10-21

Assigner: Qualcomm, Inc.

Description
Memory corruption while performing SCM call with malformed inputs.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-09
Last Modified
2025-10-21
Generated
2026-06-16
AI Q&A
2025-10-09
EPSS Evaluated
2026-06-14
NVD
CVE-2025-27060
Affected Vendors & Products
Showing 50 associated CPEs
Vendor Product Version / Range
qualcomm immersive_home_214_platform_firmware *
qualcomm immersive_home_214_platform *
qualcomm immersive_home_216_platform_firmware *
qualcomm immersive_home_216_platform *
qualcomm immersive_home_316_platform_firmware *
qualcomm immersive_home_316_platform *
qualcomm immersive_home_318_platform_firmware *
qualcomm immersive_home_318_platform *
qualcomm ipq5010_firmware *
qualcomm ipq5010 *
qualcomm ipq5028_firmware *
qualcomm ipq5028 *
qualcomm qcn6023_firmware *
qualcomm qcn6023 *
qualcomm qcn6024_firmware *
qualcomm qcn6024 *
qualcomm qcn6100_firmware *
qualcomm qcn6100 *
qualcomm qcn6102_firmware *
qualcomm qcn6102 *
qualcomm qcn6112_firmware *
qualcomm qcn6112 *
qualcomm qcn6122_firmware *
qualcomm qcn6122 *
qualcomm qcn6132_firmware *
qualcomm qcn6132 *
qualcomm qcn9000_firmware *
qualcomm qcn9000 *
qualcomm qcn9001_firmware *
qualcomm qcn9001 *
qualcomm qcn9002_firmware *
qualcomm qcn9002 *
qualcomm qcn9003_firmware *
qualcomm qcn9003 *
qualcomm qcn9012_firmware *
qualcomm qcn9012 *
qualcomm qcn9022_firmware *
qualcomm qcn9022 *
qualcomm qcn9024_firmware *
qualcomm qcn9024 *
qualcomm qcn9070_firmware *
qualcomm qcn9070 *
qualcomm qcn9072_firmware *
qualcomm qcn9072 *
qualcomm qcn9074_firmware *
qualcomm qcn9074 *
qualcomm qcn9100_firmware *
qualcomm qcn9100 *
qualcomm qcn9274_firmware *
qualcomm qcn9274 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-822 The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a memory corruption issue that occurs when performing an SCM (Secure Channel Manager) call with malformed inputs.

Impact Analysis

The vulnerability can lead to severe impacts including high confidentiality, integrity, and availability losses due to memory corruption, potentially allowing an attacker with low privileges to execute harmful actions.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-27060. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart