Vulnerability Description
Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the available buffer length.
CVSS Score
8.2
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Apq8017 Firmware | - |
| Qualcomm | Apq8017 | - |
| Qualcomm | Apq8064Au Firmware | - |
| Qualcomm | Apq8064Au | - |
| Qualcomm | Aqt1000 Firmware | - |
| Qualcomm | Aqt1000 | - |
| Qualcomm | Fastconnect 6200 Firmware | - |
| Qualcomm | Fastconnect 6200 | - |
| Qualcomm | Fastconnect 6700 Firmware | - |
| Qualcomm | Fastconnect 6700 | - |
| Qualcomm | Snapdragon 460 Mobile Platform Firmware | - |
| Qualcomm | Snapdragon 460 Mobile Platform | - |
| Qualcomm | Snapdragon 480 5G Mobile Platform Firmware | - |
| Qualcomm | Snapdragon 480 5G Mobile Platform | - |
| Qualcomm | Snapdragon 480\+ 5G Mobile Platform \(Sm4350-Ac\) Firmware | - |
| Qualcomm | Snapdragon 480\+ 5G Mobile Platform \(Sm4350-Ac\) | - |
| Qualcomm | Snapdragon 625 Mobile Platform Firmware | - |
| Qualcomm | Snapdragon 625 Mobile Platform | - |
| Qualcomm | Snapdragon 626 Mobile Platform Firmware | - |
| Qualcomm | Snapdragon 626 Mobile Platform | - |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-21487?
CVE-2025-21487 is a vulnerability with a CVSS score of 8.2 (HIGH). Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the available buffer length.
How severe is CVE-2025-21487?
CVE-2025-21487 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-21487?
Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Apq8017 Firmware, Qualcomm Apq8017, Qualcomm Apq8064Au Firmware, Qualcomm Apq8064Au, Qualcomm Aqt1000 Firmware.