CRITICAL🇵🇱 Wersja polska

CVE-2025-21483

CVSS 9.8v3.1pub. 2025-09-24upd. 2025-11-28

Memory corruption when the UE receives an RTP packet from the network, during the reassembly of NALUs.

🤖 AI Analysis
How it works

When receiving an RTP packet from the network, the device proceeds to assemble NALU units (Network Abstraction Layer Units). During this operation, improper memory management occurs — lack of proper buffer boundary validation (CWE-119) leads to memory corruption. An attacker can send a specially crafted RTP packet to trigger this error remotely, without requiring user interaction or elevated privileges.

Impact

An attacker can achieve arbitrary code execution (RCE) on the vulnerable device or cause its failure, resulting in complete violation of system confidentiality, integrity, and availability.

Mitigation & patch

Apply patches available from the manufacturer according to references — details are contained in the Qualcomm security bulletin from September 2025: https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html

Who is affected

Qualcomm Fastconnect 6800, Qualcomm WCN6450 Firmware, Qualcomm QCM4325 Firmware, Qualcomm Snapdragon 636 Mobile Platform Firmware, Qualcomm WSA8845H Firmware — specific versions indicated in manufacturer references.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Qualcomm Apq8017

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Apq8017 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Apq8064au

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Apq8064au Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Aqt1000

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Aqt1000 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Fastconnect 6200

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Fastconnect 6200 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Fastconnect 6700

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Fastconnect 6700 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Fastconnect 6800

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Fastconnect 6800 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Fastconnect 6900

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Fastconnect 6900 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Fastconnect 7800

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Fastconnect 7800 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Msm8996au

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Msm8996au Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Qam8255p

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Qam8255p Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Qam8295p

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Qam8295p Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Qam8620p

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Qam8620p Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Qam8650p

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Qam8650p Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Qam8775p

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Qam8775p Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Qamsrv1h

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Qamsrv1h Firmware

    OS
    Qualcomm
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-47372CRITICAL9.0PL ✓ten sam produkt

Qualcomm: Memory Corruption przy ładowaniu uszkodzonego obrazu ELF

CVE-2025-27034CRITICAL9.8PL ✓ten sam produkt

Qualcomm Firmware — memory corruption przy wyborze PLMN z listy SOR

CVE-2025-21450CRITICAL9.1PL ✓ten sam produkt

Qualcomm: podatność kryptograficzna umożliwiająca Auth Bypass podczas pobierania

CVE-2024-45569CRITICAL9.8PL ✓ten sam produkt

Qualcomm: Uszkodzenie pamięci przy parsowaniu ML IE w firmware

CVE-2017-11076CRITICAL9.8PL ✓ten sam produkt

Qualcomm: Nieprawidłowy dostęp do pamięci przy dekodowaniu VP9 (sprzętowe)