CVE-2025-27039

MEDIUM

Published Oct 9, 2025 Modified Oct 15, 2025 CWE-390

Description

Memory corruption may occur while processing IOCTL call for DMM/WARPNCC CONFIG request.

CVSS v3.1 Score

6.6

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

Weakness Type (CWE)

CWE-390 CWE-390

Affected Products

Vendor	Product	Versions
qualcomm	fastconnect_6900_firmware	All
qualcomm	fastconnect_6900	All
qualcomm	fastconnect_7800_firmware	All
qualcomm	fastconnect_7800	All
qualcomm	sxr2230p_firmware	All
qualcomm	sxr2230p	All
qualcomm	sxr2250p_firmware	All
qualcomm	sxr2250p	All
qualcomm	wcd9380_firmware	All
qualcomm	wcd9380	All
qualcomm	wcd9385_firmware	All
qualcomm	wcd9385	All
qualcomm	wsa8830_firmware	All
qualcomm	wsa8830	All
qualcomm	wsa8832_firmware	All
qualcomm	wsa8832	All
qualcomm	wsa8835_firmware	All
qualcomm	wsa8835	All

References

Advisories & Patches

https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2025-bulletin.html

Frequently Asked Questions

What is CVE-2025-27039? +

Memory corruption may occur while processing IOCTL call for DMM/WARPNCC CONFIG request. It has a CVSS v3.1 base score of 6.6 (MEDIUM).

How severe is CVE-2025-27039? +

CVE-2025-27039 has a CVSS v3.1 score of 6.6 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance.

What products are affected by CVE-2025-27039? +

CVE-2025-27039 affects products from qualcomm, specifically: fastconnect_6900, fastconnect_6900_firmware, fastconnect_7800, fastconnect_7800_firmware, sxr2230p, sxr2230p_firmware, sxr2250p, sxr2250p_firmware, wcd9380, wcd9380_firmware, wcd9385, wcd9385_firmware, wsa8830, wsa8830_firmware, wsa8832, wsa8832_firmware, wsa8835, wsa8835_firmware. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2025-27039? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-46367 7.8

Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain a Detection of Error Condition Without Action vulnerability. A …

CVE-2024-49841 7.8

Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling.

CVE-2024-27919 7.5

Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, theEnvoy HTTP/2 protocol stack is vulnerable …

CVE-2025-26465 6.8

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a …

CVE-2025-25204 6.3

`gh` is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a …

CVE-2024-12086 6.1

A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from …

Quick Facts

CVSS Score: 6.6
Severity: MEDIUM
Published: Oct 9, 2025

Scan for this vulnerability

Check if your website or infrastructure is affected by CVE-2025-27039.

Website Scan Port Scan

Browse CVEs

Critical High CISA KEV ! Most likely exploited →