CVE-2025-21486

moderate-risk

Published 2025-06-03

Memory corruption during dynamic process creation call when client is only passing address and length of shell binary.

Do I need to act?

0.07% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Fastconnect 6900 Firmware

Fastconnect 7800 Firmware

Qmp1000 Firmware

Sm8735 Firmware

Sm8750 Firmware

Sm8750P Firmware

Snapdragon W5\+ Gen 1 Wearable Platform Firmware

Sw5100 Firmware

Sw5100P Firmware

Sxr2230P Firmware

Sxr2250P Firmware

Sxr2330P Firmware

Wcd9378 Firmware

Wcd9380 Firmware

Wcd9385 Firmware

Wcd9395 Firmware

Wcn3660B Firmware

Wcn3680B Firmware

Wcn3980 Firmware

Wcn3988 Firmware

Qualcomm

Vendor Advisory https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bul...

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 0/34 · Minimal

Exposure 23/34 · High