#VU110036 Incorrect Authorization in Qualcomm products - CVE-2025-21479

Cybersecurity Help s.r.o.

Published: 2025-06-02 | Updated: 2025-06-20

Vulnerability identifier: #VU110036

Vulnerability risk: Critical

CVSSv4.0: 8.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: CVE-2025-21479

CWE-ID: CWE-863

Exploitation vector: Network

Exploit availability: Yes

Vendor: Qualcomm

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation in Graphics. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.

Note, the vulnerability is being actively exploited in the wild.

Mitigation
Install security update from vendor's website.

Vulnerable software versions

AQT1000: All versions

FastConnect 6200: All versions

FastConnect 6700: All versions

FastConnect 6800: All versions

FastConnect 6900: All versions

FastConnect 7800: All versions

QCA6391: All versions

QCM4490: All versions

QCS4490: All versions

SD855: All versions

SM4635: All versions

SM6250: All versions

SM6650: All versions

SM6650P: All versions

SM7325P: All versions

SM7635: All versions

SM7675: All versions

SM7675P: All versions

SM8550P: All versions

SM8635: All versions

SM8635P: All versions

SM8650Q: All versions

Snapdragon 4 Gen 1 Mobile Platform: All versions

Snapdragon 460 Mobile Platform: All versions

Snapdragon 480 5G Mobile Platform: All versions

Snapdragon 480+ 5G Mobile Platform (SM4350-AC): All versions

Snapdragon 662 Mobile Platform: All versions

Snapdragon 680 4G Mobile Platform: All versions

Snapdragon 685 4G Mobile Platform (SM6225-AD): All versions

Snapdragon 690 5G Mobile Platform: All versions

Snapdragon 695 5G Mobile Platform: All versions

Snapdragon 720G Mobile Platform: All versions

Snapdragon 778G 5G Mobile Platform: All versions

Snapdragon 778G+ 5G Mobile Platform (SM7325-AE): All versions

Snapdragon 782G Mobile Platform (SM7325-AF): All versions

Snapdragon 7c+ Gen 3 Compute: All versions

Snapdragon 8 Gen 2 Mobile Platform: All versions

Snapdragon 8 Gen 3 Mobile Platform: All versions

Snapdragon 8+ Gen 2 Mobile Platform: All versions

Snapdragon 855 Mobile Platform: All versions

Snapdragon 855+/860 Mobile Platform (SM8150-AC): All versions

Snapdragon 865 5G Mobile Platform: All versions

Snapdragon 865+ 5G Mobile Platform (SM8250-AB): All versions

Snapdragon 870 5G Mobile Platform (SM8250-AC): All versions

Snapdragon 888 5G Mobile Platform: All versions

Snapdragon 888+ 5G Mobile Platform (SM8350-AC): All versions

Snapdragon AR1 Gen 1 Platform: All versions

Snapdragon AR1 Gen 1 Platform "Luna1": All versions

Snapdragon X55 5G Modem-RF System: All versions

SXR2230P: All versions

SXR2250P: All versions

SXR2330P: All versions

WCD9341: All versions

WCD9370: All versions

WCD9375: All versions

WCD9378: All versions

WCD9380: All versions

WCD9385: All versions

WCD9390: All versions

WCD9395: All versions

WCN3950: All versions

WCN3988: All versions

WCN6450: All versions

WCN6650: All versions

WCN6755: All versions

WCN7861: All versions

WCN7881: All versions

WSA8810: All versions

WSA8815: All versions

WSA8830: All versions

WSA8832: All versions

WSA8835: All versions

WSA8840: All versions

WSA8845: All versions

WSA8845H: All versions

External links
https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Qualcomm chipsets