Main Vulnerability Database Vulnerabilities #VU119016

#VU119016 Buffer over-read in Qualcomm products - CVE-2025-27041

Published: December 2, 2025

Vulnerability identifier: #VU119016

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-27041

CWE-ID: CWE-126

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
AR8035
FastConnect 6900
FastConnect 7800
QCA6584AU
QCA6595AU
QCA6678AQ
QCA6688AQ
QCA6696
QCA6698AQ
QCA8081
QCA8337
QCA9367
QCC710
QCM6490
QCN6224
QCN6274
QCS410
QCS610
QCS6490
QFW7114
QFW7124
Qualcomm Video Collaboration VC1 Platform
Qualcomm Video Collaboration VC3 Platform
SA6145P
SA6150P
SA8145P
SA8150P
SA8155P
SA8195P
SD660
SG4150P
Snapdragon 660 Mobile Platform
Snapdragon 680 4G Mobile Platform
Snapdragon 685 4G Mobile Platform (SM6225-AD)
Snapdragon 888 5G Mobile Platform
Snapdragon 888+ 5G Mobile Platform (SM8350-AC)
Snapdragon Auto 5G Modem-RF Gen 2
Snapdragon X72 5G Modem-RF System
Snapdragon X75 5G Modem-RF System
SW5100
SW5100P
SXR2230P
SXR2250P
WCD9335
WCD9340
WCD9341
WCD9370
WCD9375
WCD9380
WCD9385
WCN3950
WCN3980
WCN3988
WCN3990
WSA8810
WSA8815
WSA8830
WSA8835
QCA6174A
QCA6574AU
QCA9377
SA6155P
WSA8832

Software vendor:
Qualcomm

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in Video. A local application can perform a denial of service (DoS) attack.

Remediation

Install security update from vendor's website.

External links

https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2025-bulletin.html

#VU119016 Buffer over-read in Qualcomm products - CVE-2025-27041

Description

Remediation

External links

Please verify you're human