CVE-2025-21476 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
qualcomm	CNA	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 1%

Vendor	Product	Version
qualcomm	qcs6490_firmware	-
qualcomm	qcs8550_firmware	-
qualcomm	qcs9100_firmware	-
qualcomm	sg8275_firmware	-
qualcomm	sg8275p_firmware	-
qualcomm	sm6650_firmware	-
qualcomm	sm7635_firmware	-
qualcomm	sm7675_firmware	-
qualcomm	sm7675p_firmware	-
qualcomm	sm8550_firmware	-
qualcomm	sm8550p_firmware	-
qualcomm	sm8635_firmware	-
qualcomm	sm8635p_firmware	-
qualcomm	sm8650_firmware	-
qualcomm	sm8650p_firmware	-
qualcomm	sm8650q_firmware	-
qualcomm	sm8750_firmware	-
qualcomm	sm8750p_firmware	-
qualcomm	sxr2330p_firmware	-
qualcomm	qca6391_firmware	-
qualcomm	qca6698aq_firmware	-
qualcomm	qcn9011_firmware	-
qualcomm	qcn9012_firmware	-
qualcomm	qcn9274_firmware	-
qualcomm	wcn3910_firmware	-
qualcomm	wcn3950_firmware	-
qualcomm	wcn6650_firmware	-
qualcomm	wcn6750_firmware	-
qualcomm	wcn6755_firmware	-
qualcomm	wcn6855_firmware	-
qualcomm	wcn6856_firmware	-
qualcomm	wcn7850_firmware	-
qualcomm	wcn7851_firmware	-
qualcomm	wcn7860_firmware	-
qualcomm	wcn7861_firmware	-
qualcomm	wcn7880_firmware	-
qualcomm	wcn7881_firmware	-
qualcomm	qcm5430_firmware	-
qualcomm	qcm6490_firmware	-
qualcomm	qcm8550_firmware	-
qualcomm	qcs5430_firmware	-
qualcomm	qcs615_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html