CVE-2025-21445 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
qualcomm	CNA	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 4%

Affected Products (NVD)

Vendor	Product	Version
qualcomm	qam8255p_firmware	-
qualcomm	qam8295p_firmware	-
qualcomm	qam8620p_firmware	-
qualcomm	qam8650p_firmware	-
qualcomm	qam8775p_firmware	-
qualcomm	qamsrv1h_firmware	-
qualcomm	qamsrv1m_firmware	-
qualcomm	qca6574au_firmware	-
qualcomm	qca6595_firmware	-
qualcomm	qca6595au_firmware	-
qualcomm	qca6688aq_firmware	-
qualcomm	qca6696_firmware	-
qualcomm	qca6698aq_firmware	-
qualcomm	qca6797aq_firmware	-
qualcomm	sa7255p_firmware	-
qualcomm	sa7775p_firmware	-
qualcomm	sa8255p_firmware	-
qualcomm	sa8295p_firmware	-
qualcomm	sa8540p_firmware	-
qualcomm	sa8620p_firmware	-
qualcomm	sa8650p_firmware	-
qualcomm	sa8770p_firmware	-
qualcomm	sa8775p_firmware	-
qualcomm	sa9000p_firmware	-
qualcomm	srv1h_firmware	-
qualcomm	srv1l_firmware	-
qualcomm	srv1m_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2025-bulletin.html