CVE-2025-27060 (GCVE-0-2025-27060)
Vulnerability from cvelistv5
Published
2025-10-09 03:18
Modified
2025-10-10 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-822 - Untrusted Pointer Dereference
Summary
Memory corruption while performing SCM call with malformed inputs.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Version: Immersive Home 214 Platform Version: Immersive Home 216 Platform Version: Immersive Home 316 Platform Version: Immersive Home 318 Platform Version: IPQ5010 Version: IPQ5028 Version: QCN6023 Version: QCN6024 Version: QCN6100 Version: QCN6102 Version: QCN6112 Version: QCN6122 Version: QCN6132 Version: QCN9000 Version: QCN9001 Version: QCN9002 Version: QCN9003 Version: QCN9012 Version: QCN9022 Version: QCN9024 Version: QCN9070 Version: QCN9072 Version: QCN9074 Version: QCN9100 Version: QCN9274 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27060",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-09T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T03:55:14.781Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Wired Infrastructure and Networking"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "Immersive Home 214 Platform"
},
{
"status": "affected",
"version": "Immersive Home 216 Platform"
},
{
"status": "affected",
"version": "Immersive Home 316 Platform"
},
{
"status": "affected",
"version": "Immersive Home 318 Platform"
},
{
"status": "affected",
"version": "IPQ5010"
},
{
"status": "affected",
"version": "IPQ5028"
},
{
"status": "affected",
"version": "QCN6023"
},
{
"status": "affected",
"version": "QCN6024"
},
{
"status": "affected",
"version": "QCN6100"
},
{
"status": "affected",
"version": "QCN6102"
},
{
"status": "affected",
"version": "QCN6112"
},
{
"status": "affected",
"version": "QCN6122"
},
{
"status": "affected",
"version": "QCN6132"
},
{
"status": "affected",
"version": "QCN9000"
},
{
"status": "affected",
"version": "QCN9001"
},
{
"status": "affected",
"version": "QCN9002"
},
{
"status": "affected",
"version": "QCN9003"
},
{
"status": "affected",
"version": "QCN9012"
},
{
"status": "affected",
"version": "QCN9022"
},
{
"status": "affected",
"version": "QCN9024"
},
{
"status": "affected",
"version": "QCN9070"
},
{
"status": "affected",
"version": "QCN9072"
},
{
"status": "affected",
"version": "QCN9074"
},
{
"status": "affected",
"version": "QCN9100"
},
{
"status": "affected",
"version": "QCN9274"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory corruption while performing SCM call with malformed inputs."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-822",
"description": "CWE-822 Untrusted Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T03:18:06.050Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2025-bulletin.html"
}
],
"title": "Untrusted Pointer Dereference in TZ Firmware"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2025-27060",
"datePublished": "2025-10-09T03:18:06.050Z",
"dateReserved": "2025-02-18T09:19:46.887Z",
"dateUpdated": "2025-10-10T03:55:14.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-27060\",\"sourceIdentifier\":\"product-security@qualcomm.com\",\"published\":\"2025-10-09T04:16:45.550\",\"lastModified\":\"2025-10-21T16:41:25.170\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Memory corruption while performing SCM call with malformed inputs.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"product-security@qualcomm.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.0,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"product-security@qualcomm.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-822\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:immersive_home_214_platform_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C241123-63B1-4CA2-A3CB-BADA86EAAA2E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:immersive_home_214_platform:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66E4B95D-966A-4940-A403-9E8241F121C2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:immersive_home_216_platform_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68309F58-91D9-407E-9578-17EAF6836E07\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:immersive_home_216_platform:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0D491A9-6A1F-4B62-9A30-5A9F592BD5B5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:immersive_home_316_platform_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA6CA3E5-7A0F-4705-985E-0C25DE609494\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:immersive_home_316_platform:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DC770BF-4B23-4F43-A0B9-E5FE41536F5E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:immersive_home_318_platform_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84B4531C-9D90-4A9B-8724-1428372319C8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:immersive_home_318_platform:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"497EC79B-0879-4FA2-A5B7-63EA54FC20A5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:ipq5010_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8543C671-054B-489F-ACFE-B7D7BEC1DEE6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:ipq5010:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15C5F8CB-3291-4E13-94F0-680FC85A9669\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:ipq5028_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AE3085F-59BE-46A0-9A96-65CFAB7DFEAE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:ipq5028:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825524E0-BB01-4CAD-9F65-95E096467D28\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcn6023_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63FF89C5-3BBF-4A13-8A3B-F490C2FA1A95\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcn6023:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6784EC5F-2C26-49C5-9A03-6FD2056C04EF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcn6024_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A49DBE04-E2EA-4DA1-B774-A878A71524AC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcn6024:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69E98386-3BB2-4E8C-AD00-E05123608439\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcn6100_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4730B8E7-C884-4AFA-ACB5-D0F39A993D18\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcn6100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98CB565F-FE4A-4B52-96CB-AA769E985230\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcn6102_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C37D96A3-0466-4FC4-9E56-35B55C3FA970\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcn6102:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D55BAB4-2AC5-419C-B405-C1AA022DAA24\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcn6112_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6300827E-F6F0-490B-8043-38DD415E3161\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcn6112:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58F6B4C5-2C26-4A13-BA10-5B70805AD8B6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcn6122_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A988BD3-71D8-4F2B-9EC2-8E385B114114\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcn6122:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E7049A3-9F35-465F-9B2E-96788E54EC63\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcn6132_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A59FBBDC-0495-422C-B25A-FFDF94D33C34\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcn6132:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6E55C06-45EE-4144-8CBC-4D41DDE4D899\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcn9000_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BCCFF8B-4857-439D-BD4A-EB35672F474B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcn9000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86896D55-89F5-440B-9082-916E486B65D9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcn9001_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E02C2FD8-3434-4407-99E3-EE1779C18117\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcn9001:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC3468C1-CF50-4ED2-BD91-D1D140653CFC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcn9002_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6694BAC2-6E3B-4589-8BEA-6B5219267D19\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcn9002:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF54E749-D512-45DE-841D-6199623C7099\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcn9003_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6128C715-8085-47A8-9EE3-F8C67FC1236B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcn9003:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73B9F6F0-2F3A-4A4E-91A1-39EE598E22A5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcn9012_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61F34DD2-9DC0-49E5-BC85-1543EA199477\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcn9012:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A06879F-6FE9-448A-8186-8347D76F872B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcn9022_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36A10EB2-E7A2-461F-836E-FC38B9428C98\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcn9022:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A457C1D6-A026-4B5F-9CB1-FA795785A515\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcn9024_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A64CDA49-19BF-413F-A0E0-2B9729E45E25\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcn9024:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"345CCD64-C09E-407D-AAA2-311C4CCFE24F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcn9070_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C10CAAC-FD93-4116-9F0C-E983B3693FAF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcn9070:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FEC2402-BA39-49BB-A34C-FF32ED44A158\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcn9072_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"809FD84D-11C5-4EE3-B830-62CF5F6CB1BC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcn9072:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFD77A52-D53C-424F-9E17-160B710469C3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcn9074_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65303C2D-C6BF-47CB-8146-E240CB8BBE42\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcn9074:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6B03022-497A-4F42-BB4D-5624EA7DF1B9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcn9100_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B31EEE9E-CDEC-4E88-B950-3413205E483E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcn9100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E1E341A-7DDD-47E5-BB5F-0666482B41C0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcn9274_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9129A244-AB8C-4AA4-BFBB-37F84D66BD3E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcn9274:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41F243A1-3C0B-4780-95BF-69A4E1A91F18\"}]}]}],\"references\":[{\"url\":\"https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2025-bulletin.html\",\"source\":\"product-security@qualcomm.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-27060\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-09T18:35:46.729357Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-09T18:35:54.787Z\"}}], \"cna\": {\"title\": \"Untrusted Pointer Dereference in TZ Firmware\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Qualcomm, Inc.\", \"product\": \"Snapdragon\", \"versions\": [{\"status\": \"affected\", \"version\": \"Immersive Home 214 Platform\"}, {\"status\": \"affected\", \"version\": \"Immersive Home 216 Platform\"}, {\"status\": \"affected\", \"version\": \"Immersive Home 316 Platform\"}, {\"status\": \"affected\", \"version\": \"Immersive Home 318 Platform\"}, {\"status\": \"affected\", \"version\": \"IPQ5010\"}, {\"status\": \"affected\", \"version\": \"IPQ5028\"}, {\"status\": \"affected\", \"version\": \"QCN6023\"}, {\"status\": \"affected\", \"version\": \"QCN6024\"}, {\"status\": \"affected\", \"version\": \"QCN6100\"}, {\"status\": \"affected\", \"version\": \"QCN6102\"}, {\"status\": \"affected\", \"version\": \"QCN6112\"}, {\"status\": \"affected\", \"version\": \"QCN6122\"}, {\"status\": \"affected\", \"version\": \"QCN6132\"}, {\"status\": \"affected\", \"version\": \"QCN9000\"}, {\"status\": \"affected\", \"version\": \"QCN9001\"}, {\"status\": \"affected\", \"version\": \"QCN9002\"}, {\"status\": \"affected\", \"version\": \"QCN9003\"}, {\"status\": \"affected\", \"version\": \"QCN9012\"}, {\"status\": \"affected\", \"version\": \"QCN9022\"}, {\"status\": \"affected\", \"version\": \"QCN9024\"}, {\"status\": \"affected\", \"version\": \"QCN9070\"}, {\"status\": \"affected\", \"version\": \"QCN9072\"}, {\"status\": \"affected\", \"version\": \"QCN9074\"}, {\"status\": \"affected\", \"version\": \"QCN9100\"}, {\"status\": \"affected\", \"version\": \"QCN9274\"}], \"platforms\": [\"Snapdragon Wired Infrastructure and Networking\"], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2025-bulletin.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Memory corruption while performing SCM call with malformed inputs.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-822\", \"description\": \"CWE-822 Untrusted Pointer Dereference\"}]}], \"providerMetadata\": {\"orgId\": \"2cfc7d3e-20d3-47ac-8db7-1b7285aff15f\", \"shortName\": \"qualcomm\", \"dateUpdated\": \"2025-10-09T03:18:06.050Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-27060\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-10T03:55:14.781Z\", \"dateReserved\": \"2025-02-18T09:19:46.887Z\", \"assignerOrgId\": \"2cfc7d3e-20d3-47ac-8db7-1b7285aff15f\", \"datePublished\": \"2025-10-09T03:18:06.050Z\", \"assignerShortName\": \"qualcomm\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…