CVE Alert: CVE-2025-27053 – Qualcomm, Inc. – Snapdragon
CVE-2025-27053
HIGHNo exploitation known
Memory corruption during PlayReady APP usecase while processing TA commands.
CVSS v3.1 (7.8)
AV LOCAL · AC LOW · PR LOW · UI NONE · S UNCHANGED
Vendor
Qualcomm, Inc.
Product
Snapdragon
Versions
315 5G IoT Modem | 9205 LTE Modem | 9206 LTE Modem | 9207 LTE Modem | APQ8017 | APQ8037 | APQ8064AU | AQT1000 | AR8031 | AR8035 | C-V2X 9150 | CSRA6620 | CSRA6640 | CSRB31024 | FastConnect 6200 | FastConnect 6700 | FastConnect 6800 | FastConnect 6900 | FastConnect 7800 | Flight RB5 5G Platform | Home Hub 100 Platform | MDM8207 | MDM9205S | MDM9250 | MDM9628 | MDM9640 | MDM9650 | MSM8996AU | PM8937 | QAM8255P | QAM8295P | QAM8620P | QAM8650P | QAM8775P | QAMSRV1H | QAMSRV1M | QCA4004 | QCA6174A | QCA6234 | QCA6310 | QCA6320 | QCA6335 | QCA6391 | QCA6420 | QCA6421 | QCA6426 | QCA6430 | QCA6431 | QCA6436 | QCA6564 | QCA6564A | QCA6564AU | QCA6574 | QCA6574A | QCA6574AU | QCA6584AU | QCA6595 | QCA6595AU | QCA6678AQ | QCA6688AQ | QCA6696 | QCA6698AQ | QCA6698AU | QCA6797AQ | QCA8081 | QCA8337 | QCA8386 | QCA8695AU | QCA9367 | QCA9377 | QCA9379 | QCC2072 | QCC710 | QCC711 | QCF8001 | QCM2150 | QCM2290 | QCM4290 | QCM4325 | QCM4490 | QCM5430 | QCM6125 | QCM6490 | QCM6690 | QCM8550 | QCN6024 | QCN6224 | QCN6274 | QCN7606 | QCN9011 | QCN9012 | QCN9024 | QCN9074 | QCN9274 | QCS2290 | QCS410 | QCS4290 | QCS4490 | QCS5430 | QCS610 | QCS6125 | QCS615 | QCS6490 | QCS6690 | QCS7230 | QCS8155 | QCS8250 | QCS8300 | QCS8550 | QCS9100 | QDU1000 | QDU1010 | QDU1110 | QDU1210 | QDX1010 | QDX1011 | QEP8111 | QFW7114 | QFW7124 | QMP1000 | QRB5165M | QRB5165N | QRU1032 | QRU1052 | QRU1062 | QSM8250 | QSM8350 | QTS110 | Qualcomm 215 Mobile Platform | Qualcomm Video Collaboration VC1 Platform | Qualcomm Video Collaboration VC3 Platform | Qualcomm Video Collaboration VC5 Platform | Robotics RB2 Platform | Robotics RB3 Platform | Robotics RB5 Platform | SA2150P | SA4150P | SA4155P | SA6145P | SA6150P | SA6155 | SA6155P | SA7255P | SA7775P | SA8145P | SA8150P | SA8155 | SA8155P | SA8195P | SA8255P | SA8295P | SA8530P | SA8540P | SA8620P | SA8650P | SA8770P | SA8775P | SA9000P | SC8180X+SDX55 | SC8380XP | SD 675 | SD 8 Gen1 5G | SD626 | SD670 | SD675 | SD730 | SD820 | SD821 | SD855 | SD865 5G | SD888 | SDM429W | SDX55 | SDX61 | SDX82 | SDX85 | SG4150P | SG6150 | SG6150P | SG8275P | SM4125 | SM4635 | SM6225P | SM6250 | SM6250P | SM6370 | SM6650 | SM6650P | SM7250P | SM7315 | SM7325P | SM7635 | SM7635P | SM7675 | SM7675P | SM8550P | SM8635 | SM8635P | SM8650Q | SM8735 | SM8750 | SM8750P | SM8850 | SM8850P | Smart Audio 400 Platform | Smart Display 200 Platform (APQ5053-AA) | Snapdragon 1100 Wearable Platform | Snapdragon 1200 Wearable Platform | Snapdragon 4 Gen 1 Mobile Platform | Snapdragon 4 Gen 2 Mobile Platform | Snapdragon 425 Mobile Platform | Snapdragon 427 Mobile Platform | Snapdragon 429 Mobile Platform | Snapdragon 430 Mobile Platform | Snapdragon 435 Mobile Platform | Snapdragon 439 Mobile Platform | Snapdragon 450 Mobile Platform | Snapdragon 460 Mobile Platform | Snapdragon 480 5G Mobile Platform | Snapdragon 480+ 5G Mobile Platform (SM4350-AC) | Snapdragon 625 Mobile Platform | Snapdragon 626 Mobile Platform | Snapdragon 632 Mobile Platform | Snapdragon 662 Mobile Platform | Snapdragon 665 Mobile Platform | Snapdragon 670 Mobile Platform | Snapdragon 675 Mobile Platform | Snapdragon 678 Mobile Platform (SM6150-AC) | Snapdragon 680 4G Mobile Platform | Snapdragon 685 4G Mobile Platform (SM6225-AD) | Snapdragon 690 5G Mobile Platform | Snapdragon 695 5G Mobile Platform | Snapdragon 710 Mobile Platform | Snapdragon 712 Mobile Platform | Snapdragon 720G Mobile Platform | Snapdragon 730 Mobile Platform (SM7150-AA) | Snapdragon 730G Mobile Platform (SM7150-AB) | Snapdragon 732G Mobile Platform (SM7150-AC) | Snapdragon 750G 5G Mobile Platform | Snapdragon 765 5G Mobile Platform (SM7250-AA) | Snapdragon 765G 5G Mobile Platform (SM7250-AB) | Snapdragon 768G 5G Mobile Platform (SM7250-AC) | Snapdragon 778G 5G Mobile Platform | Snapdragon 778G+ 5G Mobile Platform (SM7325-AE) | Snapdragon 780G 5G Mobile Platform | Snapdragon 782G Mobile Platform (SM7325-AF) | Snapdragon 7c Compute Platform (SC7180-AC) | Snapdragon 7c Gen 2 Compute Platform (SC7180-AD) "Rennell Pro" | Snapdragon 7c+ Gen 3 Compute | Snapdragon 8 Gen 1 Mobile Platform | Snapdragon 8 Gen 2 Mobile Platform | Snapdragon 8 Gen 3 Mobile Platform | Snapdragon 8+ Gen 1 Mobile Platform | Snapdragon 8+ Gen 2 Mobile Platform | Snapdragon 820 Automotive Platform | Snapdragon 820 Mobile Platform | Snapdragon 821 Mobile Platform | Snapdragon 845 Mobile Platform | Snapdragon 855 Mobile Platform | Snapdragon 855+/860 Mobile Platform (SM8150-AC) | Snapdragon 865 5G Mobile Platform | Snapdragon 865+ 5G Mobile Platform (SM8250-AB) | Snapdragon 870 5G Mobile Platform (SM8250-AC) | Snapdragon 888 5G Mobile Platform | Snapdragon 888+ 5G Mobile Platform (SM8350-AC) | Snapdragon 8c Compute Platform (SC8180X-AD) "Poipu Lite" | Snapdragon 8c Compute Platform (SC8180XP-AD) "Poipu Lite" | Snapdragon 8cx Compute Platform (SC8180X-AA, AB) | Snapdragon 8cx Compute Platform (SC8180XP-AC, AF) "Poipu Pro" | Snapdragon 8cx Gen 2 5G Compute Platform (SC8180X-AC, AF) "Poipu Pro" | Snapdragon 8cx Gen 2 5G Compute Platform (SC8180XP-AA, AB) | Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB) | Snapdragon AR1 Gen 1 Platform | Snapdragon AR1 Gen 1 Platform "Luna1" | Snapdragon AR2 Gen 1 Platform | Snapdragon Auto 5G Modem-RF | Snapdragon Auto 5G Modem-RF Gen 2 | Snapdragon W5+ Gen 1 Wearable Platform | Snapdragon Wear 1300 Platform | Snapdragon Wear 4100+ Platform | Snapdragon X12 LTE Modem | Snapdragon X24 LTE Modem | Snapdragon X32 5G Modem-RF System | Snapdragon X35 5G Modem-RF System | Snapdragon X5 LTE Modem | Snapdragon X50 5G Modem-RF System | Snapdragon X55 5G Modem-RF System | Snapdragon X62 5G Modem-RF System | Snapdragon X65 5G Modem-RF System | Snapdragon X72 5G Modem-RF System | Snapdragon X75 5G Modem-RF System | Snapdragon XR1 Platform | Snapdragon XR2 5G Platform | Snapdragon XR2+ Gen 1 Platform | Snapdragon Auto 4G Modem | SRV1H | SRV1L | SRV1M | SSG2115P | SSG2125P | SW5100 | SW5100P | SXR1120 | SXR1230P | SXR2130 | SXR2230P | SXR2250P | SXR2330P | SXR2350P | TalynPlus | Vision Intelligence 100 Platform (APQ8053-AA) | Vision Intelligence 200 Platform (APQ8053-AC) | Vision Intelligence 300 Platform | Vision Intelligence 400 Platform
CWE
CWE-131, CWE-131 Incorrect Calculation of Buffer Size
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Published
2025-10-09T03:18:00.779Z
Updated
2025-10-09T03:18:00.779Z
References
AI Summary Analysis
Risk verdict
High risk of local exploitation in the HLOS PlayReady path, with immediate urgency for on-device patching once available.
Why this matters
The CVSS base score is 7.8 with high impact to confidentiality, integrity and availability, and no user interaction required. A successful local memory corruption could grant code execution within the DRM/TA processing stack, enabling data access, persistence or broader device compromise on Snapdragon platforms.
Most likely attack path
Exploitation requires local access (AV: local) and low privileges (PR: low) with no user interaction. An attacker could trigger the memory corruption while processing TA/PlayReady commands, potentially taking control of the DRM stack and, depending on the sandboxing, attempting limited lateral movement within the device. The impact is broad due to high integrity, confidentiality and availability losses, with the attack surface tied to devices that implement PlayReady in HLOS.
Who is most exposed
Widely deployed Snapdragon-based devices using PlayReady/TA components—likely mobile phones, automotive infotainment and IoT gateways. Devices with physical access or exposed debug interfaces are at higher risk, particularly where DRM paths are reachable by apps.
Detection ideas
- Monitor for DRM/PlayReady TA command handling crashes or unexpected exits.
- Look for memory corruption fault dumps, kernel or HLOS panics linked to DRM components.
- Track anomalous activity in the PlayReady service/process and related TA command calls.
- Increased fault counts or reboot loops during DRM operations.
Mitigation and prioritisation
- Apply vendor-provided patches from Qualcomm/OS vendors for the affected HLOS/PlayReady stack.
- Reduce attack surface: disable unused PlayReady features; apply the least-privilege model to apps that interact with DRM.
- Strengthen memory protections (ASLR, stack canaries, DEP) and strict process isolation around DRM/TA components.
- Coordinate patching across affected devices and enforce rapid-change management for fleet updates.
- If KEV is confirmed or EPSS is ≥0.5, treat as priority 1; otherwise proceed with high-priority remediation and monitoring. (Data on KEV/EPSS not provided here.)
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
