1. Home
  2. CVE Database
  3. CVE-2025-21486
HIGH · 7.8

CVE-2025-21486

Memory corruption during dynamic process creation call when client is only passing address and length of shell binary.

Vulnerability Description

Memory corruption during dynamic process creation call when client is only passing address and length of shell binary.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
QualcommFastconnect 6900 Firmware-
QualcommFastconnect 6900-
QualcommFastconnect 7800 Firmware-
QualcommFastconnect 7800-
QualcommQmp1000 Firmware-
QualcommQmp1000-
QualcommSm8735 Firmware-
QualcommSm8735-
QualcommSm8750 Firmware-
QualcommSm8750-
QualcommSm8750P Firmware-
QualcommSm8750P-
QualcommSnapdragon W5\+ Gen 1 Wearable Platform Firmware-
QualcommSnapdragon W5\+ Gen 1 Wearable Platform-
QualcommSw5100 Firmware-
QualcommSw5100-
QualcommSw5100P Firmware-
QualcommSw5100P-
QualcommSxr2230P Firmware-
QualcommSxr2230P-

Related Weaknesses (CWE)

CWE-822

References

FAQ

What is CVE-2025-21486?

CVE-2025-21486 is a vulnerability with a CVSS score of 7.8 (HIGH). Memory corruption during dynamic process creation call when client is only passing address and length of shell binary.

How severe is CVE-2025-21486?

CVE-2025-21486 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-21486?

Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Fastconnect 6900 Firmware, Qualcomm Fastconnect 6900, Qualcomm Fastconnect 7800 Firmware, Qualcomm Fastconnect 7800, Qualcomm Qmp1000 Firmware.