CVE-2025-21428
HIGHDescription
Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request from the AP to establish a TSpec session.
Is your site exposed to CVE-2025-21428?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| qualcomm | snapdragon_439_mobile_platform_firmware |
| qualcomm | snapdragon_439_mobile_platform |
| qualcomm | snapdragon_625_mobile_platform_firmware |
| qualcomm | snapdragon_625_mobile_platform |
| qualcomm | snapdragon_626_mobile_platform_firmware |
| qualcomm | snapdragon_626_mobile_platform |
| qualcomm | snapdragon_632_mobile_platform_firmware |
| qualcomm | snapdragon_632_mobile_platform |
| qualcomm | snapdragon_820_automotive_platform_firmware |
| qualcomm | snapdragon_820_automotive_platform |
| qualcomm | snapdragon_auto_5g_modem-rf_firmware |
| qualcomm | snapdragon_auto_5g_modem-rf |
| qualcomm | snapdragon_x12_lte_modem_firmware |
| qualcomm | snapdragon_x12_lte_modem |
| qualcomm | snapdragon_x35_5g_modem-rf_system_firmware |
| qualcomm | snapdragon_x35_5g_modem-rf_system |
| qualcomm | snapdragon_x5_lte_modem_firmware |
| qualcomm | snapdragon_x5_lte_modem |
| qualcomm | vision_intelligence_100_platform_\(apq8053-aa\)_firmware |
| qualcomm | vision_intelligence_100_platform_\(apq8053-aa\) |
| qualcomm | vision_intelligence_200_platform_\(apq8053-ac\)_firmware |
| qualcomm | vision_intelligence_200_platform_\(apq8053-ac\) |
| qualcomm | wcd9326_firmware |
| qualcomm | wcd9326 |
| qualcomm | wcd9330_firmware |
| qualcomm | wcd9330 |
| qualcomm | wcd9335_firmware |
| qualcomm | wcd9335 |
| qualcomm | wcd9340_firmware |
| qualcomm | wcd9340 |
| qualcomm | wcn3610_firmware |
| qualcomm | wcn3610 |
| qualcomm | wcn3615_firmware |
| qualcomm | wcn3615 |
| qualcomm | wcn3620_firmware |
| qualcomm | wcn3620 |
| qualcomm | wcn3660b_firmware |
| qualcomm | wcn3660b |
| qualcomm | wcn3680_firmware |
| qualcomm | wcn3680 |
| qualcomm | wcn3680b_firmware |
| qualcomm | wcn3680b |
| qualcomm | wcn3980_firmware |
| qualcomm | wcn3980 |
| qualcomm | wsa8810_firmware |
| qualcomm | wsa8810 |
| qualcomm | wsa8815_firmware |
| qualcomm | wsa8815 |
| qualcomm | 9206_lte_modem_firmware |
| qualcomm | 9206_lte_modem |
| qualcomm | apq8017_firmware |
| qualcomm | apq8017 |
| qualcomm | ar8031_firmware |
| qualcomm | ar8031 |
| qualcomm | c-v2x_9150_firmware |
| qualcomm | c-v2x_9150 |
| qualcomm | csra6620_firmware |
| qualcomm | csra6620 |
| qualcomm | csra6640_firmware |
| qualcomm | csra6640 |
| qualcomm | fastconnect_6200_firmware |
| qualcomm | fastconnect_6200 |
| qualcomm | fastconnect_6900_firmware |
| qualcomm | fastconnect_6900 |
| qualcomm | mdm9250_firmware |
| qualcomm | mdm9250 |
| qualcomm | mdm9628_firmware |
| qualcomm | mdm9628 |
| qualcomm | mdm9640_firmware |
| qualcomm | mdm9640 |
| qualcomm | mdm9650_firmware |
| qualcomm | mdm9650 |
| qualcomm | msm8996au_firmware |
| qualcomm | msm8996au |
| qualcomm | qca6174_firmware |
| qualcomm | qca6174 |
| qualcomm | qca6174a_firmware |
| qualcomm | qca6174a |
| qualcomm | qca6175a_firmware |
| qualcomm | qca6175a |
| qualcomm | qca6554a_firmware |
| qualcomm | qca6554a |
| qualcomm | qca6564a_firmware |
| qualcomm | qca6564a |
| qualcomm | qca6564au_firmware |
| qualcomm | qca6564au |
| qualcomm | qca6574_firmware |
| qualcomm | qca6574 |
| qualcomm | qca6574a_firmware |
| qualcomm | qca6574a |
| qualcomm | qca6574au_firmware |
| qualcomm | qca6574au |
| qualcomm | qca6584_firmware |
| qualcomm | qca6584 |
| qualcomm | qca6584au_firmware |
| qualcomm | qca6584au |
| qualcomm | qca6595_firmware |
| qualcomm | qca6595 |
| qualcomm | qca6595au_firmware |
| qualcomm | qca6595au |
| qualcomm | qca6696_firmware |
| qualcomm | qca6696 |
| qualcomm | qca9367_firmware |
| qualcomm | qca9367 |
| qualcomm | qca9377_firmware |
| qualcomm | qca9377 |
| qualcomm | qca9379_firmware |
| qualcomm | qca9379 |
| qualcomm | qcm2150_firmware |
| qualcomm | qcm2150 |
| qualcomm | qep8111_firmware |
| qualcomm | qep8111 |
| qualcomm | qualcomm_205_mobile_platform_firmware |
| qualcomm | qualcomm_205_mobile_platform |
| qualcomm | qualcomm_215_mobile_platform_firmware |
| qualcomm | qualcomm_215_mobile_platform |
| qualcomm | sa2150p_firmware |
| qualcomm | sa2150p |
| qualcomm | sd626_firmware |
| qualcomm | sd626 |
| qualcomm | sdm429w_firmware |
| qualcomm | sdm429w |
| qualcomm | smart_audio_200_platform_firmware |
| qualcomm | smart_audio_200_platform |
| qualcomm | smart_audio_400_platform_firmware |
| qualcomm | smart_audio_400_platform |
| qualcomm | smart_display_200_platform_\(apq5053-aa\)_firmware |
| qualcomm | smart_display_200_platform_\(apq5053-aa\) |
| qualcomm | snapdragon_1200_wearable_platform_firmware |
| qualcomm | snapdragon_1200_wearable_platform |
| qualcomm | snapdragon_210_processor_firmware |
| qualcomm | snapdragon_210_processor |
| qualcomm | snapdragon_212_mobile_platform_firmware |
| qualcomm | snapdragon_212_mobile_platform |
| qualcomm | snapdragon_425_mobile_platform_firmware |
| qualcomm | snapdragon_425_mobile_platform |
| qualcomm | snapdragon_429_mobile_platform_firmware |
| qualcomm | snapdragon_429_mobile_platform |
References
Frequently Asked Questions
What is CVE-2025-21428? +
How severe is CVE-2025-21428? +
What products are affected by CVE-2025-21428? +
How do I check if I'm vulnerable to CVE-2025-21428? +
Related Vulnerabilities
A buffer overread can occur in the CPC application when operating in full duplex SPI upon receiving an invalid packet …
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, …
In multiple functions that process 802.11 frames, out-of-bounds reads can occur due to insufficient validation.
FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read issue in the …
BACnet Stack before 1.3.2 has a decode function APDU buffer over-read in bacapp_decode_application_data in bacapp.c.
In Eclipse Foundation NextX Duo before 6.4.4, a module of ThreadX, the _nx_secure_tls_process_clienthello() function was missing length verification of certain …