CVE-2025-27033 (GCVE-0-2025-27033)
Vulnerability from cvelistv5 – Published: 2025-09-24 15:33 – Updated: 2025-09-25 13:51
VLAI?
Summary
Information disclosure while running video usecase having rogue firmware.
Severity ?
6.1 (Medium)
CWE
- CWE-126 - Buffer Over-read
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Affected:
QCM5430
Affected: QCM6490 Affected: QCS5430 Affected: QCS6490 Affected: QCM8550 Affected: QCS8550 Affected: QCS615 Affected: QCS9100 Affected: SM6650 Affected: SM7635 Affected: SM8650 Affected: SM8650P Affected: SM8650Q Affected: SM7675 Affected: SM7675P Affected: SM8635 Affected: SM8635P Affected: SM8750 Affected: SM8750P Affected: SXR2330P Affected: WCN6750 Affected: WCN6856 Affected: QCN9274 Affected: WCN7851 Affected: QCA6698AQ Affected: WCN6650 Affected: WCN6755 Affected: WCN7850 Affected: WCN7880 Affected: WCN7860 Affected: WCN7861 Affected: WCN7881 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27033",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-25T13:51:38.752137Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T13:51:44.063Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Auto",
"Snapdragon Compute",
"Snapdragon Industrial IOT",
"Snapdragon Mobile"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "QCM5430"
},
{
"status": "affected",
"version": "QCM6490"
},
{
"status": "affected",
"version": "QCS5430"
},
{
"status": "affected",
"version": "QCS6490"
},
{
"status": "affected",
"version": "QCM8550"
},
{
"status": "affected",
"version": "QCS8550"
},
{
"status": "affected",
"version": "QCS615"
},
{
"status": "affected",
"version": "QCS9100"
},
{
"status": "affected",
"version": "SM6650"
},
{
"status": "affected",
"version": "SM7635"
},
{
"status": "affected",
"version": "SM8650"
},
{
"status": "affected",
"version": "SM8650P"
},
{
"status": "affected",
"version": "SM8650Q"
},
{
"status": "affected",
"version": "SM7675"
},
{
"status": "affected",
"version": "SM7675P"
},
{
"status": "affected",
"version": "SM8635"
},
{
"status": "affected",
"version": "SM8635P"
},
{
"status": "affected",
"version": "SM8750"
},
{
"status": "affected",
"version": "SM8750P"
},
{
"status": "affected",
"version": "SXR2330P"
},
{
"status": "affected",
"version": "WCN6750"
},
{
"status": "affected",
"version": "WCN6856"
},
{
"status": "affected",
"version": "QCN9274"
},
{
"status": "affected",
"version": "WCN7851"
},
{
"status": "affected",
"version": "QCA6698AQ"
},
{
"status": "affected",
"version": "WCN6650"
},
{
"status": "affected",
"version": "WCN6755"
},
{
"status": "affected",
"version": "WCN7850"
},
{
"status": "affected",
"version": "WCN7880"
},
{
"status": "affected",
"version": "WCN7860"
},
{
"status": "affected",
"version": "WCN7861"
},
{
"status": "affected",
"version": "WCN7881"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Information disclosure while running video usecase having rogue firmware."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126 Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T15:33:39.804Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html"
}
],
"title": "Buffer Over-read in Video"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2025-27033",
"datePublished": "2025-09-24T15:33:39.804Z",
"dateReserved": "2025-02-18T09:19:46.882Z",
"dateUpdated": "2025-09-25T13:51:44.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-27033\",\"sourceIdentifier\":\"product-security@qualcomm.com\",\"published\":\"2025-09-24T16:15:35.500\",\"lastModified\":\"2025-09-25T16:08:17.913\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Information disclosure while running video usecase having rogue firmware.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"product-security@qualcomm.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.8,\"impactScore\":4.2}]},\"weaknesses\":[{\"source\":\"product-security@qualcomm.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-126\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcm5430_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EC5F81B-AA24-4E3C-9FC8-53E010AC977E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcm5430:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5C66DAD-0D85-46B8-92D7-6D68B9429E9A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADD6D51E-5787-42A6-8A02-4EBBAFFF9C94\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcm6490:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99AA0291-B822-4CAD-BA17-81B632FC3FEF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcs5430_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6926498-667C-4866-B3DD-A7E20B8F4D7F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcs5430:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEFEBC7A-80C0-4E4F-B9C7-53EECF86B6B5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcs6490_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"403AE561-6C9E-49F3-A5D6-C48DDD51D663\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcs6490:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FAC140F-FC5E-4C88-B777-7F5EBF49A695\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcm8550_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"646B241B-2971-4929-9FB6-7A4CBF801CBB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcm8550:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5654FFB5-9A89-4399-AFAB-0A26726DEC81\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcs8550_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFF23DDB-98A0-4343-ADD3-5AB9C2383E7E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcs8550:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5ACB8AFB-5B91-4AA1-BA3A-1AF0B3503080\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcs615_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A369459-FC20-4F7C-A8D9-89E132900F37\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcs615:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8444225-A03E-44D7-8BB8-6102EF3A2356\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcs9100_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"057E49CC-28C0-4A82-A895-6E681AB1E22F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcs9100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A7FE265-B8C2-4423-9F13-A64111248D65\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sm6650_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BB505DE-5B4A-4CFA-BA99-1307DBF96A43\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sm6650:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39296E3C-4E0F-4B90-A3C0-CA9C9F74CBB6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sm7635_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"094197AC-0D25-480F-B797-06AC9842CD5C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sm7635:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40AC736A-FEB8-49B3-8500-DB3339906C77\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sm8650_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5FA5FB61-BB13-4557-87AC-3EE6C4A8BD47\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sm8650:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"593D81E0-8B38-4874-9EAA-DCA288A15ED6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sm8650p_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"766D70DA-1CC7-4FAC-BDBC-A0960FFD65DA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sm8650p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36A2B662-00C4-46EC-B155-D8ABF8E4C6E4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sm8650q_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CAA8D9D-0238-4223-8F7B-134ECBB6FA05\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sm8650q:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8A722B8-E1E4-43B4-8882-591CE8C5C166\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sm7675_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"012C20A8-3F48-48DD-9A77-65C9CB1F6C30\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sm7675:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE992A86-36BC-40E3-8E96-6542560BE8EC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sm7675p_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B46F132-4049-40D0-8351-C1C6FD2B47A0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sm7675p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1846514C-1F95-4568-98DE-C57214401841\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sm8635_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65865EE9-59C0-498F-A4C5-EC00D4642603\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sm8635:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE02AB51-6FB6-4727-999B-A7466CEDC534\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sm8635p_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88F63D90-4BFC-4EFA-8B74-7A5027A7052D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sm8635p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20EB529B-6B9F-464F-A98B-A8ABE0F01ADB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sm8750_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84641A8E-A93C-48C1-86AC-193951BA4D78\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sm8750:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74169A4C-0247-4719-887E-BBFB36B04F07\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sm8750p_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D8ABDBF-BABC-4219-8A18-BDFC8C826B1F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sm8750p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"685D81D0-7E95-4DBA-A05B-7C708A5DFDF0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sxr2330p_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"568C5B08-AC42-48D3-8029-A65689EEBE75\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sxr2330p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56DD2B49-0A36-443C-BECB-4115E271A415\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:wcn6750_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8EE21BA-7178-4D69-852D-2322844FC6B9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:wcn6750:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9BACB28-F6EA-445A-B74F-0C3881FE59CB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:wcn6856_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54C616C5-6480-4FE0-9A1C-08026CCB08D8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:wcn6856:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D8E02BA-3A7E-4B13-A8D7-20FD0FAE3187\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcn9274_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9129A244-AB8C-4AA4-BFBB-37F84D66BD3E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcn9274:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41F243A1-3C0B-4780-95BF-69A4E1A91F18\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:wcn7851_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FFC44DC-DA90-45F5-ACC1-5262D3E3A796\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:wcn7851:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE9D9A56-2157-43F0-BB18-2B7249D7E021\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qca6698aq_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5FA1F8F4-EAF2-4704-A8A6-19AD3CA1B577\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qca6698aq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3F7853D-09EE-476F-B48D-BB30AEB4A67D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:wcn6650_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93398092-AF7C-4F04-874C-7E5B4CF7AB00\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:wcn6650:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D242084-5844-4E43-8D7F-D2F8E3521F0C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:wcn6755_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BC386D9-3D2B-40FA-A2D9-199BB138F46A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:wcn6755:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"133FFD9F-FA09-4801-939B-AD1D507BE5FE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:wcn7850_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16EB11D8-27A3-4D04-B863-7FD4549D0BCD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:wcn7850:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF9B5B84-3C57-4D3D-AFF0-958A19DE09E8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:wcn7880_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63735D33-9F09-4841-9FE0-0D9AB604BECF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:wcn7880:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E826F765-4C2E-4319-BBC4-DEB02AAD783F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:wcn7860_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2EB8794F-7998-424E-AF68-E4A4F9310F65\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:wcn7860:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"799D69CE-3FCC-4B19-8B00-9AF38111D983\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:wcn7861_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57608D47-894C-4895-B4B3-4733D55D57DB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:wcn7861:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FFD2C38-1A61-4BED-ABFA-DAE0C4B78620\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:wcn7881_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D765C392-5F38-4E6A-9E88-59629E7A6911\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:wcn7881:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FAE8F4F9-F692-4EC0-A3FE-2CDD681DCBFD\"}]}]}],\"references\":[{\"url\":\"https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html\",\"source\":\"product-security@qualcomm.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-27033\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-25T13:51:38.752137Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-25T13:51:41.718Z\"}}], \"cna\": {\"title\": \"Buffer Over-read in Video\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.1, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Qualcomm, Inc.\", \"product\": \"Snapdragon\", \"versions\": [{\"status\": \"affected\", \"version\": \"QCM5430\"}, {\"status\": \"affected\", \"version\": \"QCM6490\"}, {\"status\": \"affected\", \"version\": \"QCS5430\"}, {\"status\": \"affected\", \"version\": \"QCS6490\"}, {\"status\": \"affected\", \"version\": \"QCM8550\"}, {\"status\": \"affected\", \"version\": \"QCS8550\"}, {\"status\": \"affected\", \"version\": \"QCS615\"}, {\"status\": \"affected\", \"version\": \"QCS9100\"}, {\"status\": \"affected\", \"version\": \"SM6650\"}, {\"status\": \"affected\", \"version\": \"SM7635\"}, {\"status\": \"affected\", \"version\": \"SM8650\"}, {\"status\": \"affected\", \"version\": \"SM8650P\"}, {\"status\": \"affected\", \"version\": \"SM8650Q\"}, {\"status\": \"affected\", \"version\": \"SM7675\"}, {\"status\": \"affected\", \"version\": \"SM7675P\"}, {\"status\": \"affected\", \"version\": \"SM8635\"}, {\"status\": \"affected\", \"version\": \"SM8635P\"}, {\"status\": \"affected\", \"version\": \"SM8750\"}, {\"status\": \"affected\", \"version\": \"SM8750P\"}, {\"status\": \"affected\", \"version\": \"SXR2330P\"}, {\"status\": \"affected\", \"version\": \"WCN6750\"}, {\"status\": \"affected\", \"version\": \"WCN6856\"}, {\"status\": \"affected\", \"version\": \"QCN9274\"}, {\"status\": \"affected\", \"version\": \"WCN7851\"}, {\"status\": \"affected\", \"version\": \"QCA6698AQ\"}, {\"status\": \"affected\", \"version\": \"WCN6650\"}, {\"status\": \"affected\", \"version\": \"WCN6755\"}, {\"status\": \"affected\", \"version\": \"WCN7850\"}, {\"status\": \"affected\", \"version\": \"WCN7880\"}, {\"status\": \"affected\", \"version\": \"WCN7860\"}, {\"status\": \"affected\", \"version\": \"WCN7861\"}, {\"status\": \"affected\", \"version\": \"WCN7881\"}], \"platforms\": [\"Snapdragon Auto\", \"Snapdragon Compute\", \"Snapdragon Industrial IOT\", \"Snapdragon Mobile\"], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Information disclosure while running video usecase having rogue firmware.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-126\", \"description\": \"CWE-126 Buffer Over-read\"}]}], \"providerMetadata\": {\"orgId\": \"2cfc7d3e-20d3-47ac-8db7-1b7285aff15f\", \"shortName\": \"qualcomm\", \"dateUpdated\": \"2025-09-24T15:33:39.804Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-27033\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-09-25T13:51:44.063Z\", \"dateReserved\": \"2025-02-18T09:19:46.882Z\", \"assignerOrgId\": \"2cfc7d3e-20d3-47ac-8db7-1b7285aff15f\", \"datePublished\": \"2025-09-24T15:33:39.804Z\", \"assignerShortName\": \"qualcomm\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…