Main Vulnerability Database Vulnerabilities #VU110048

Untrusted Pointer Dereference in Qualcomm products - CVE-2025-21486

Published: June 2, 2025

Vulnerability identifier: #VU110048

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-21486

CWE-ID: CWE-822

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Qualcomm

Affected software:
FastConnect 6900
FastConnect 7800
QMP1000
SM8735
SM8750
SM8750P
Snapdragon W5+ Gen 1 Wearable Platform
SW5100
SW5100P
SXR2230P
SXR2250P
SXR2330P
WCD9378
WCD9380
WCD9385
WCD9395
WCN3660B
WCN3680B
WCN3980
WCN3988
WCN7750
WCN7860
WCN7861
WCN7880
WCN7881
WSA8830
WSA8835
WSA8840
WSA8845
WSA8845H
WSA8832

Detailed vulnerability description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in DSP Service. A local application can execute arbitrary code.

How to mitigate CVE-2025-21486

Install security update from vendor's website.

Sources

https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html

Untrusted Pointer Dereference in Qualcomm products - CVE-2025-21486

Detailed vulnerability description

How to mitigate CVE-2025-21486

Sources

Please verify you're human