CVE Alert: CVE-2025-27054 – Qualcomm, Inc. – Snapdragon
CVE-2025-27054
HIGHNo exploitation known
Memory corruption while processing a malformed license file during reboot.
CVSS v3.1 (7.8)
AV LOCAL · AC LOW · PR LOW · UI NONE · S UNCHANGED
Vendor
Qualcomm, Inc.
Product
Snapdragon
Versions
315 5G IoT Modem | 9205 LTE Modem | AQT1000 | AR8031 | AR8035 | C-V2X 9150 | CSRA6620 | CSRA6640 | FastConnect 6200 | FastConnect 6700 | FastConnect 6800 | FastConnect 6900 | FastConnect 7800 | Flight RB5 5G Platform | MDM9205S | QAM8255P | QAM8295P | QAM8620P | QAM8650P | QAM8775P | QAMSRV1H | QAMSRV1M | QCA4004 | QCA6174A | QCA6391 | QCA6420 | QCA6421 | QCA6426 | QCA6430 | QCA6431 | QCA6436 | QCA6574 | QCA6574A | QCA6574AU | QCA6584AU | QCA6595 | QCA6595AU | QCA6678AQ | QCA6688AQ | QCA6696 | QCA6698AQ | QCA6698AU | QCA6797AQ | QCA8081 | QCA8337 | QCA8386 | QCA8695AU | QCC2072 | QCC710 | QCC711 | QCF8001 | QCM2290 | QCM4290 | QCM4325 | QCM4490 | QCM5430 | QCM6125 | QCM6490 | QCM6690 | QCM8550 | QCN6024 | QCN6224 | QCN6274 | QCN7606 | QCN9011 | QCN9012 | QCN9024 | QCN9074 | QCN9274 | QCS2290 | QCS4290 | QCS4490 | QCS5430 | QCS6125 | QCS615 | QCS6490 | QCS6690 | QCS7230 | QCS8250 | QCS8300 | QCS8550 | QCS9100 | QDU1000 | QDU1010 | QDU1110 | QDU1210 | QDX1010 | QDX1011 | QEP8111 | QFW7114 | QFW7124 | QMP1000 | QRB5165M | QRB5165N | QRU1032 | QRU1052 | QRU1062 | QSM8250 | QSM8350 | QTS110 | Qualcomm Video Collaboration VC1 Platform | Qualcomm Video Collaboration VC3 Platform | Qualcomm Video Collaboration VC5 Platform | Robotics RB2 Platform | Robotics RB5 Platform | SA2150P | SA4150P | SA4155P | SA6145P | SA6150P | SA6155 | SA6155P | SA7255P | SA7775P | SA8145P | SA8150P | SA8155 | SA8155P | SA8195P | SA8255P | SA8295P | SA8530P | SA8540P | SA8620P | SA8650P | SA8770P | SA8775P | SA9000P | SC8180X+SDX55 | SC8380XP | SD 8 Gen1 5G | SD670 | SD730 | SD855 | SD865 5G | SD888 | SDX55 | SDX61 | SDX82 | SDX85 | SG4150P | SG6150 | SG6150P | SG8275P | SM4125 | SM4635 | SM6225P | SM6250 | SM6370 | SM6650 | SM6650P | SM7250P | SM7315 | SM7325P | SM7635 | SM7635P | SM7675 | SM7675P | SM8550P | SM8635 | SM8635P | SM8650Q | SM8735 | SM8750 | SM8750P | SM8850 | SM8850P | Smart Audio 400 Platform | Snapdragon 4 Gen 1 Mobile Platform | Snapdragon 4 Gen 2 Mobile Platform | Snapdragon 460 Mobile Platform | Snapdragon 480 5G Mobile Platform | Snapdragon 480+ 5G Mobile Platform (SM4350-AC) | Snapdragon 662 Mobile Platform | Snapdragon 665 Mobile Platform | Snapdragon 670 Mobile Platform | Snapdragon 675 Mobile Platform | Snapdragon 678 Mobile Platform (SM6150-AC) | Snapdragon 680 4G Mobile Platform | Snapdragon 685 4G Mobile Platform (SM6225-AD) | Snapdragon 690 5G Mobile Platform | Snapdragon 695 5G Mobile Platform | Snapdragon 710 Mobile Platform | Snapdragon 720G Mobile Platform | Snapdragon 730 Mobile Platform (SM7150-AA) | Snapdragon 730G Mobile Platform (SM7150-AB) | Snapdragon 732G Mobile Platform (SM7150-AC) | Snapdragon 750G 5G Mobile Platform | Snapdragon 765 5G Mobile Platform (SM7250-AA) | Snapdragon 765G 5G Mobile Platform (SM7250-AB) | Snapdragon 768G 5G Mobile Platform (SM7250-AC) | Snapdragon 778G 5G Mobile Platform | Snapdragon 778G+ 5G Mobile Platform (SM7325-AE) | Snapdragon 780G 5G Mobile Platform | Snapdragon 782G Mobile Platform (SM7325-AF) | Snapdragon 7c+ Gen 3 Compute | Snapdragon 8 Gen 1 Mobile Platform | Snapdragon 8 Gen 2 Mobile Platform | Snapdragon 8 Gen 3 Mobile Platform | Snapdragon 8+ Gen 1 Mobile Platform | Snapdragon 8+ Gen 2 Mobile Platform | Snapdragon 855 Mobile Platform | Snapdragon 855+/860 Mobile Platform (SM8150-AC) | Snapdragon 865 5G Mobile Platform | Snapdragon 865+ 5G Mobile Platform (SM8250-AB) | Snapdragon 870 5G Mobile Platform (SM8250-AC) | Snapdragon 888 5G Mobile Platform | Snapdragon 888+ 5G Mobile Platform (SM8350-AC) | Snapdragon 8c Compute Platform (SC8180X-AD) "Poipu Lite" | Snapdragon 8c Compute Platform (SC8180XP-AD) "Poipu Lite" | Snapdragon 8cx Compute Platform (SC8180X-AA, AB) | Snapdragon 8cx Compute Platform (SC8180XP-AC, AF) "Poipu Pro" | Snapdragon 8cx Gen 2 5G Compute Platform (SC8180X-AC, AF) "Poipu Pro" | Snapdragon 8cx Gen 2 5G Compute Platform (SC8180XP-AA, AB) | Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB) | Snapdragon AR1 Gen 1 Platform | Snapdragon AR1 Gen 1 Platform "Luna1" | Snapdragon AR2 Gen 1 Platform | Snapdragon Auto 5G Modem-RF | Snapdragon Auto 5G Modem-RF Gen 2 | Snapdragon W5+ Gen 1 Wearable Platform | Snapdragon Wear 1300 Platform | Snapdragon X32 5G Modem-RF System | Snapdragon X35 5G Modem-RF System | Snapdragon X50 5G Modem-RF System | Snapdragon X55 5G Modem-RF System | Snapdragon X62 5G Modem-RF System | Snapdragon X65 5G Modem-RF System | Snapdragon X72 5G Modem-RF System | Snapdragon X75 5G Modem-RF System | Snapdragon XR1 Platform | Snapdragon XR2 5G Platform | Snapdragon XR2+ Gen 1 Platform | Snapdragon Auto 4G Modem | SRV1H | SRV1L | SRV1M | SSG2115P | SSG2125P | SW5100 | SW5100P | SXR1120 | SXR1230P | SXR2130 | SXR2230P | SXR2250P | SXR2330P | SXR2350P | TalynPlus | WCD9306 | WCD9326 | WCD9335 | WCD9340 | WCD9341 | WCD9360 | WCD9370 | WCD9375 | WCD9378 | WCD9378C | WCD9380 | WCD9385 | WCD9390 | WCD9395 | WCN3910 | WCN3950 | WCN3980 | WCN3988 | WCN3990 | WCN3999 | WCN6450 | WCN6650 | WCN6740 | WCN6755 | WCN7750 | WCN7860 | WCN7861 | WCN7880 | WCN7881 | WSA8810 | WSA8815 | WSA8830 | WSA8832 | WSA8835 | WSA8840 | WSA8845 | WSA8845H | X2000077 | X2000086 | X2000090 | X2000092 | X2000094 | XG101002 | XG101032 | XG101039
CWE
CWE-787, CWE-787: Out-of-bounds Write
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Published
2025-10-09T03:18:03.164Z
Updated
2025-10-09T03:18:03.164Z
References
AI Summary Analysis
Risk verdict
High risk: local, low-privilege memory corruption during the reboot sequence could fully compromise affected Qualcomm Snapdragon platforms; urgency increases where devices are exposed to attackers with physical access.
Why this matters
A successful exploit can expose or corrupt data, enable arbitrary code execution, and disrupt device availability across a wide range of deployments. Given the high impact on confidentiality, integrity and availability, and the potential for persistence through reboot-critical pathways, attacker objectives such as data theft or device takeover are plausible on exposed devices.
Most likely attack path
- Attack vector: LOCAL
- Preconditions: attacker must access the device physically or through an adjacent compromised session to trigger the reboot sequence.
- Precondition strength: PRIVILEGES REQUIRED LOW; ATTACK COMPLEXITY LOW; no user interaction needed.
- Likely flow: attacker supplies a malformed license input during reboot to provoke an out-of-bounds write, enabling code execution or memory corruption within the reboot/license-handling path. Scope remains unchanged, so the impact affects the same component rather than a broader trust boundary.
Who is most exposed
Common on broad Snapdragon deployments: mobile devices, automotive ECUs, IoT and wearables where license or firmware validation occurs during reboot. OEMs and integrators with frequent firmware updates and complex license workflows are particularly at risk.
Detection ideas
- Boot-time crash dumps and kernel panics referencing memory corruption.
- Logs showing malformed license processing during reboot or parsing errors.
- Unusual watchdog resets or reboot loops immediately after license validation.
- Memory or heap corruption indicators in crash analytics after power cycles.
Mitigation and prioritisation
- Apply vendor-provided firmware/SoC updates once available; prioritise installation during next maintenance window.
- Enforce secure boot and memory protection to limit post-reboot code manipulation.
- Harden license processing: strict input validation, bounds checks, and sandboxing of license parsing.
- Implement monitoring for reboot-time anomalies and license-file tampering indicators.
- Change-management: coordinate with OEMs for staged rollouts; validate in lab environments before broad deployment.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
