CVE-2025-59605: CWE-787: Out-of-bounds Write in Qualcomm, Inc. Snapdragon
CVE-2025-59605 is a high-severity vulnerability in Qualcomm Snapdragon products involving an out-of-bounds write due to processing device identifier strings that exceed expected maximum lengths. This memory corruption issue can impact confidentiality, integrity, and availability. It affects a wide range of Snapdragon platforms and related Qualcomm products. No official patch or remediation guidance is currently confirmed. There are no known exploits in the wild at this time.
AI Analysis
Technical Summary
This vulnerability (CVE-2025-59605) is classified as CWE-787 (Out-of-bounds Write) and arises when Qualcomm Snapdragon devices process device identifier strings longer than expected, leading to memory corruption. The issue affects numerous Snapdragon platforms and associated Qualcomm hardware components. The CVSS v3.1 base score is 7.8, indicating high severity, with attack vector local, low attack complexity, low privileges required, no user interaction, and impacts on confidentiality, integrity, and availability. The vulnerability is published and reserved as of mid-2025, but no official remediation or patch has been documented in the provided data.
Potential Impact
Successful exploitation of this vulnerability can lead to memory corruption, potentially allowing an attacker with local access and low privileges to compromise device confidentiality, integrity, and availability. The broad range of affected Snapdragon platforms means many devices could be impacted. However, no known exploits are reported in the wild, and the attack requires local access.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or remediation level is provided, organizations using affected Qualcomm Snapdragon products should monitor Qualcomm's advisories for updates. Until a patch is available, limit local access to affected devices and apply any vendor-recommended mitigations once published.
CVE-2025-59605: CWE-787: Out-of-bounds Write in Qualcomm, Inc. Snapdragon
Description
CVE-2025-59605 is a high-severity vulnerability in Qualcomm Snapdragon products involving an out-of-bounds write due to processing device identifier strings that exceed expected maximum lengths. This memory corruption issue can impact confidentiality, integrity, and availability. It affects a wide range of Snapdragon platforms and related Qualcomm products. No official patch or remediation guidance is currently confirmed. There are no known exploits in the wild at this time.
CVSS v3.1
Score 7.8high
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2025-59605) is classified as CWE-787 (Out-of-bounds Write) and arises when Qualcomm Snapdragon devices process device identifier strings longer than expected, leading to memory corruption. The issue affects numerous Snapdragon platforms and associated Qualcomm hardware components. The CVSS v3.1 base score is 7.8, indicating high severity, with attack vector local, low attack complexity, low privileges required, no user interaction, and impacts on confidentiality, integrity, and availability. The vulnerability is published and reserved as of mid-2025, but no official remediation or patch has been documented in the provided data.
Potential Impact
Successful exploitation of this vulnerability can lead to memory corruption, potentially allowing an attacker with local access and low privileges to compromise device confidentiality, integrity, and availability. The broad range of affected Snapdragon platforms means many devices could be impacted. However, no known exploits are reported in the wild, and the attack requires local access.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or remediation level is provided, organizations using affected Qualcomm Snapdragon products should monitor Qualcomm's advisories for updates. Until a patch is available, limit local access to affected devices and apply any vendor-recommended mitigations once published.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- qualcomm
- Date Reserved
- 2025-09-18T03:19:23.201Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a1e08c0e29bf47b5051e1c7
Added to database: 6/1/2026, 10:33:36 PM
Last enriched: 6/1/2026, 11:03:31 PM
Last updated: 6/2/2026, 4:56:48 AM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.