CVE-2025-21428

HIGH
Published Apr 7, 2025 Modified Oct 6, 2025 CWE-126

Description

Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request from the AP to establish a TSpec session.

Is your site exposed to CVE-2025-21428?

Run a free security scan — no signup, results in seconds.

CVSS v3.1 Score

7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weakness Type (CWE)

CWE-126 CWE-126

Affected Products

Vendor Product
qualcomm snapdragon_439_mobile_platform_firmware
qualcomm snapdragon_439_mobile_platform
qualcomm snapdragon_625_mobile_platform_firmware
qualcomm snapdragon_625_mobile_platform
qualcomm snapdragon_626_mobile_platform_firmware
qualcomm snapdragon_626_mobile_platform
qualcomm snapdragon_632_mobile_platform_firmware
qualcomm snapdragon_632_mobile_platform
qualcomm snapdragon_820_automotive_platform_firmware
qualcomm snapdragon_820_automotive_platform
qualcomm snapdragon_auto_5g_modem-rf_firmware
qualcomm snapdragon_auto_5g_modem-rf
qualcomm snapdragon_x12_lte_modem_firmware
qualcomm snapdragon_x12_lte_modem
qualcomm snapdragon_x35_5g_modem-rf_system_firmware
qualcomm snapdragon_x35_5g_modem-rf_system
qualcomm snapdragon_x5_lte_modem_firmware
qualcomm snapdragon_x5_lte_modem
qualcomm vision_intelligence_100_platform_\(apq8053-aa\)_firmware
qualcomm vision_intelligence_100_platform_\(apq8053-aa\)
qualcomm vision_intelligence_200_platform_\(apq8053-ac\)_firmware
qualcomm vision_intelligence_200_platform_\(apq8053-ac\)
qualcomm wcd9326_firmware
qualcomm wcd9326
qualcomm wcd9330_firmware
qualcomm wcd9330
qualcomm wcd9335_firmware
qualcomm wcd9335
qualcomm wcd9340_firmware
qualcomm wcd9340
qualcomm wcn3610_firmware
qualcomm wcn3610
qualcomm wcn3615_firmware
qualcomm wcn3615
qualcomm wcn3620_firmware
qualcomm wcn3620
qualcomm wcn3660b_firmware
qualcomm wcn3660b
qualcomm wcn3680_firmware
qualcomm wcn3680
qualcomm wcn3680b_firmware
qualcomm wcn3680b
qualcomm wcn3980_firmware
qualcomm wcn3980
qualcomm wsa8810_firmware
qualcomm wsa8810
qualcomm wsa8815_firmware
qualcomm wsa8815
qualcomm 9206_lte_modem_firmware
qualcomm 9206_lte_modem
qualcomm apq8017_firmware
qualcomm apq8017
qualcomm ar8031_firmware
qualcomm ar8031
qualcomm c-v2x_9150_firmware
qualcomm c-v2x_9150
qualcomm csra6620_firmware
qualcomm csra6620
qualcomm csra6640_firmware
qualcomm csra6640
qualcomm fastconnect_6200_firmware
qualcomm fastconnect_6200
qualcomm fastconnect_6900_firmware
qualcomm fastconnect_6900
qualcomm mdm9250_firmware
qualcomm mdm9250
qualcomm mdm9628_firmware
qualcomm mdm9628
qualcomm mdm9640_firmware
qualcomm mdm9640
qualcomm mdm9650_firmware
qualcomm mdm9650
qualcomm msm8996au_firmware
qualcomm msm8996au
qualcomm qca6174_firmware
qualcomm qca6174
qualcomm qca6174a_firmware
qualcomm qca6174a
qualcomm qca6175a_firmware
qualcomm qca6175a
qualcomm qca6554a_firmware
qualcomm qca6554a
qualcomm qca6564a_firmware
qualcomm qca6564a
qualcomm qca6564au_firmware
qualcomm qca6564au
qualcomm qca6574_firmware
qualcomm qca6574
qualcomm qca6574a_firmware
qualcomm qca6574a
qualcomm qca6574au_firmware
qualcomm qca6574au
qualcomm qca6584_firmware
qualcomm qca6584
qualcomm qca6584au_firmware
qualcomm qca6584au
qualcomm qca6595_firmware
qualcomm qca6595
qualcomm qca6595au_firmware
qualcomm qca6595au
qualcomm qca6696_firmware
qualcomm qca6696
qualcomm qca9367_firmware
qualcomm qca9367
qualcomm qca9377_firmware
qualcomm qca9377
qualcomm qca9379_firmware
qualcomm qca9379
qualcomm qcm2150_firmware
qualcomm qcm2150
qualcomm qep8111_firmware
qualcomm qep8111
qualcomm qualcomm_205_mobile_platform_firmware
qualcomm qualcomm_205_mobile_platform
qualcomm qualcomm_215_mobile_platform_firmware
qualcomm qualcomm_215_mobile_platform
qualcomm sa2150p_firmware
qualcomm sa2150p
qualcomm sd626_firmware
qualcomm sd626
qualcomm sdm429w_firmware
qualcomm sdm429w
qualcomm smart_audio_200_platform_firmware
qualcomm smart_audio_200_platform
qualcomm smart_audio_400_platform_firmware
qualcomm smart_audio_400_platform
qualcomm smart_display_200_platform_\(apq5053-aa\)_firmware
qualcomm smart_display_200_platform_\(apq5053-aa\)
qualcomm snapdragon_1200_wearable_platform_firmware
qualcomm snapdragon_1200_wearable_platform
qualcomm snapdragon_210_processor_firmware
qualcomm snapdragon_210_processor
qualcomm snapdragon_212_mobile_platform_firmware
qualcomm snapdragon_212_mobile_platform
qualcomm snapdragon_425_mobile_platform_firmware
qualcomm snapdragon_425_mobile_platform
qualcomm snapdragon_429_mobile_platform_firmware
qualcomm snapdragon_429_mobile_platform

References

Frequently Asked Questions

What is CVE-2025-21428? +
Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request from the AP to establish a TSpec session. It has a CVSS v3.1 base score of 7.5 (HIGH).
How severe is CVE-2025-21428? +
CVE-2025-21428 has a CVSS v3.1 score of 7.5 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.
What products are affected by CVE-2025-21428? +
CVE-2025-21428 affects products from qualcomm, specifically: 9206_lte_modem, 9206_lte_modem_firmware, apq8017, apq8017_firmware, ar8031, ar8031_firmware, c-v2x_9150, c-v2x_9150_firmware, csra6620, csra6620_firmware, csra6640, csra6640_firmware, fastconnect_6200, fastconnect_6200_firmware, fastconnect_6900, fastconnect_6900_firmware, mdm9250, mdm9250_firmware, mdm9628, mdm9628_firmware, mdm9640, mdm9640_firmware, mdm9650, mdm9650_firmware, msm8996au, msm8996au_firmware, qca6174, qca6174_firmware, qca6174a, qca6174a_firmware, qca6175a, qca6175a_firmware, qca6554a, qca6554a_firmware, qca6564a, qca6564a_firmware, qca6564au, qca6564au_firmware, qca6574, qca6574_firmware, qca6574a, qca6574a_firmware, qca6574au, qca6574au_firmware, qca6584, qca6584_firmware, qca6584au, qca6584au_firmware, qca6595, qca6595_firmware, qca6595au, qca6595au_firmware, qca6696, qca6696_firmware, qca9367, qca9367_firmware, qca9377, qca9377_firmware, qca9379, qca9379_firmware, qcm2150, qcm2150_firmware, qep8111, qep8111_firmware, qualcomm_205_mobile_platform, qualcomm_205_mobile_platform_firmware, qualcomm_215_mobile_platform, qualcomm_215_mobile_platform_firmware, sa2150p, sa2150p_firmware, sd626, sd626_firmware, sdm429w, sdm429w_firmware, smart_audio_200_platform, smart_audio_200_platform_firmware, smart_audio_400_platform, smart_audio_400_platform_firmware, smart_display_200_platform_\(apq5053-aa\), smart_display_200_platform_\(apq5053-aa\)_firmware, snapdragon_1200_wearable_platform, snapdragon_1200_wearable_platform_firmware, snapdragon_210_processor, snapdragon_210_processor_firmware, snapdragon_212_mobile_platform, snapdragon_212_mobile_platform_firmware, snapdragon_425_mobile_platform, snapdragon_425_mobile_platform_firmware, snapdragon_429_mobile_platform, snapdragon_429_mobile_platform_firmware, snapdragon_439_mobile_platform, snapdragon_439_mobile_platform_firmware, snapdragon_625_mobile_platform, snapdragon_625_mobile_platform_firmware, snapdragon_626_mobile_platform, snapdragon_626_mobile_platform_firmware, snapdragon_632_mobile_platform, snapdragon_632_mobile_platform_firmware, snapdragon_820_automotive_platform, snapdragon_820_automotive_platform_firmware, snapdragon_auto_5g_modem-rf, snapdragon_auto_5g_modem-rf_firmware, snapdragon_x12_lte_modem, snapdragon_x12_lte_modem_firmware, snapdragon_x35_5g_modem-rf_system, snapdragon_x35_5g_modem-rf_system_firmware, snapdragon_x5_lte_modem, snapdragon_x5_lte_modem_firmware, vision_intelligence_100_platform_\(apq8053-aa\), vision_intelligence_100_platform_\(apq8053-aa\)_firmware, vision_intelligence_200_platform_\(apq8053-ac\), vision_intelligence_200_platform_\(apq8053-ac\)_firmware, wcd9326, wcd9326_firmware, wcd9330, wcd9330_firmware, wcd9335, wcd9335_firmware, wcd9340, wcd9340_firmware, wcn3610, wcn3610_firmware, wcn3615, wcn3615_firmware, wcn3620, wcn3620_firmware, wcn3660b, wcn3660b_firmware, wcn3680, wcn3680_firmware, wcn3680b, wcn3680b_firmware, wcn3980, wcn3980_firmware, wsa8810, wsa8810_firmware, wsa8815, wsa8815_firmware. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2025-21428? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2025-21428 — free, no signup required.