CVE-2025-21458

HIGH 7.8

Use After Free in NPU

CVSS Score

7.8

EPSS Score

0.0%

EPSS Percentile

0th

Memory corruption when IOCTL interface is called to map and unmap buffers simultaneously.

CWE	CWE-416
Vendor	qualcomm, inc.
Product	snapdragon
Published	Aug 6, 2025
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for qualcomm, inc. snapdragon

Be the first to know when new high vulnerabilities affecting qualcomm, inc. snapdragon are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Qualcomm, Inc. / Snapdragon

FastConnect 6900 QAM8255P QAM8650P QAM8775P QCA6174A QCA6698AQ QCA6797AQ SA7255P SA7775P SA8255P SA8620P SA8650P SA8775P SA9000P Snapdragon 888 5G Mobile Platform Snapdragon 888+ 5G Mobile Platform (SM8350-AC) SW5100 SW5100P WCD9380 WCD9385 WCN3980 WCN3988 WSA8830 WSA8835

References

NVD ↗ CVE.org ↗ EPSS Data ↗

docs.qualcomm.com: https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2025-bulletin.html