CVE-2025-21476

HIGH 7.8

Buffer Copy Without Checking Size of Input in Computer Vision

CVSS Score

7.8

EPSS Score

0.0%

EPSS Percentile

0th

Memory corruption when passing parameters to the Trusted Virtual Machine during the handshake.

CWE	CWE-120
Vendor	qualcomm, inc.
Product	snapdragon
Published	Sep 24, 2025
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for qualcomm, inc. snapdragon

Be the first to know when new high vulnerabilities affecting qualcomm, inc. snapdragon are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Qualcomm, Inc. / Snapdragon

QCM5430 QCM6490 QCM8550 QCS5430 QCS615 QCS6490 QCS8550 QCS9100 SG8275 SG8275P SM6650 SM7635 SM7675 SM7675P SM8550 SM8550P SM8635 SM8635P SM8650 SM8650P SM8650Q SM8750 SM8750P SXR2330P QCA6391 QCA6698AQ QCN9011 QCN9012 QCN9274 WCN3910 WCN3950 WCN6650 WCN6750 WCN6755 WCN6855 WCN6856 WCN7850 WCN7851 WCN7860 WCN7861 WCN7880 WCN7881

References

NVD ↗ CVE.org ↗ EPSS Data ↗

docs.qualcomm.com: https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html