CVE-2025-27059

HIGH 8.8

Use of Out-of-range Pointer Offset in TZ Firmware

CVSS Score

8.8

EPSS Score

0.0%

EPSS Percentile

0th

Memory corruption while performing SCM call.

CWE	CWE-823
Vendor	qualcomm, inc.
Product	snapdragon
Published	Oct 9, 2025
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for qualcomm, inc. snapdragon

Be the first to know when new high vulnerabilities affecting qualcomm, inc. snapdragon are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Qualcomm, Inc. / Snapdragon

Immersive Home 214 Platform Immersive Home 216 Platform Immersive Home 316 Platform Immersive Home 318 Platform IPQ5010 IPQ5028 QCN6023 QCN6024 QCN6100 QCN6102 QCN6112 QCN6122 QCN6132 QCN9000 QCN9001 QCN9002 QCN9003 QCN9012 QCN9022 QCN9024 QCN9070 QCN9072 QCN9074 QCN9100 QCN9274

References

NVD ↗ CVE.org ↗ EPSS Data ↗

docs.qualcomm.com: https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2025-bulletin.html