CVE-2025-21476

HIGH
Published Sep 24, 2025 Modified Sep 25, 2025 CWE-120

Description

Memory corruption when passing parameters to the Trusted Virtual Machine during the handshake.

Is your site exposed to CVE-2025-21476?

Run a free security scan — no signup, results in seconds.

CVSS v3.1 Score

7.8
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

CWE-120 CWE-120

Affected Products

Vendor Product
qualcomm qcs6490_firmware
qualcomm qcs6490
qualcomm qcs8550_firmware
qualcomm qcs8550
qualcomm qcs9100_firmware
qualcomm qcs9100
qualcomm sg8275_firmware
qualcomm sg8275
qualcomm sg8275p_firmware
qualcomm sg8275p
qualcomm sm6650_firmware
qualcomm sm6650
qualcomm sm7635_firmware
qualcomm sm7635
qualcomm sm7675_firmware
qualcomm sm7675
qualcomm sm7675p_firmware
qualcomm sm7675p
qualcomm sm8550_firmware
qualcomm sm8550
qualcomm sm8550p_firmware
qualcomm sm8550p
qualcomm sm8635_firmware
qualcomm sm8635
qualcomm sm8635p_firmware
qualcomm sm8635p
qualcomm sm8650_firmware
qualcomm sm8650
qualcomm sm8650p_firmware
qualcomm sm8650p
qualcomm sm8650q_firmware
qualcomm sm8650q
qualcomm sm8750_firmware
qualcomm sm8750
qualcomm sm8750p_firmware
qualcomm sm8750p
qualcomm sxr2330p_firmware
qualcomm sxr2330p
qualcomm qca6391_firmware
qualcomm qca6391
qualcomm qca6698aq_firmware
qualcomm qca6698aq
qualcomm qcn9011_firmware
qualcomm qcn9011
qualcomm qcn9012_firmware
qualcomm qcn9012
qualcomm qcn9274_firmware
qualcomm qcn9274
qualcomm wcn3910_firmware
qualcomm wcn3910
qualcomm wcn3950_firmware
qualcomm wcn3950
qualcomm wcn6650_firmware
qualcomm wcn6650
qualcomm wcn6750_firmware
qualcomm wcn6750
qualcomm wcn6755_firmware
qualcomm wcn6755
qualcomm wcn6855_firmware
qualcomm wcn6855
qualcomm wcn6856_firmware
qualcomm wcn6856
qualcomm wcn7850_firmware
qualcomm wcn7850
qualcomm wcn7851_firmware
qualcomm wcn7851
qualcomm wcn7860_firmware
qualcomm wcn7860
qualcomm wcn7861_firmware
qualcomm wcn7861
qualcomm wcn7880_firmware
qualcomm wcn7880
qualcomm wcn7881_firmware
qualcomm wcn7881
qualcomm qcm5430_firmware
qualcomm qcm5430
qualcomm qcm6490_firmware
qualcomm qcm6490
qualcomm qcm8550_firmware
qualcomm qcm8550
qualcomm qcs5430_firmware
qualcomm qcs5430
qualcomm qcs615_firmware
qualcomm qcs615

References

Frequently Asked Questions

What is CVE-2025-21476? +
Memory corruption when passing parameters to the Trusted Virtual Machine during the handshake. It has a CVSS v3.1 base score of 7.8 (HIGH).
How severe is CVE-2025-21476? +
CVE-2025-21476 has a CVSS v3.1 score of 7.8 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.
What products are affected by CVE-2025-21476? +
CVE-2025-21476 affects products from qualcomm, specifically: qca6391, qca6391_firmware, qca6698aq, qca6698aq_firmware, qcm5430, qcm5430_firmware, qcm6490, qcm6490_firmware, qcm8550, qcm8550_firmware, qcn9011, qcn9011_firmware, qcn9012, qcn9012_firmware, qcn9274, qcn9274_firmware, qcs5430, qcs5430_firmware, qcs615, qcs615_firmware, qcs6490, qcs6490_firmware, qcs8550, qcs8550_firmware, qcs9100, qcs9100_firmware, sg8275, sg8275_firmware, sg8275p, sg8275p_firmware, sm6650, sm6650_firmware, sm7635, sm7635_firmware, sm7675, sm7675_firmware, sm7675p, sm7675p_firmware, sm8550, sm8550_firmware, sm8550p, sm8550p_firmware, sm8635, sm8635_firmware, sm8635p, sm8635p_firmware, sm8650, sm8650_firmware, sm8650p, sm8650p_firmware, sm8650q, sm8650q_firmware, sm8750, sm8750_firmware, sm8750p, sm8750p_firmware, sxr2330p, sxr2330p_firmware, wcn3910, wcn3910_firmware, wcn3950, wcn3950_firmware, wcn6650, wcn6650_firmware, wcn6750, wcn6750_firmware, wcn6755, wcn6755_firmware, wcn6855, wcn6855_firmware, wcn6856, wcn6856_firmware, wcn7850, wcn7850_firmware, wcn7851, wcn7851_firmware, wcn7860, wcn7860_firmware, wcn7861, wcn7861_firmware, wcn7880, wcn7880_firmware, wcn7881, wcn7881_firmware. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2025-21476? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2025-21476 — free, no signup required.