CVE-2025-21486

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions The product name cannot be determined.

Description The issue involves memory corruption during dynamic process creation when a client passes only the address and length of a shell binary.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Untrusted Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-822

Related Identifiers

CVE-2025-21486

Affected Products

Snapdragon

Fastconnect 6900 Firmware

Fastconnect 7800 Firmware

Qmp1000 Firmware

Sm8735 Firmware

Sm8750 Firmware

Snapdragon W5+ Gen 1 Wearable Platform Firmware

Sw5100P Firmware

Sxr2230P Firmware

Sxr2250P Firmware

Sxr2330P Firmware

Wcd9378 Firmware

Wcd9380 Firmware

Wcd9385 Firmware

Wcd9395 Firmware

Wcn3660B Firmware

Wcn3680B Firmware

Wcn3980 Firmware

Wcn3988 Firmware

Wcn7750 Firmware

Wcn7860 Firmware

Wcn7861 Firmware

Wcn7880 Firmware

Wcn7881 Firmware

Wsa8830 Firmware

Wsa8832 Firmware

Wsa8835 Firmware

Wsa8840 Firmware

Wsa8845 Firmware

CVE-2025-21486

Weakness Enumeration

Related Identifiers

Affected Products

References · 6