Qualcomm Snapdragon 425 Mobile Platform Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Qualcomm Snapdragon 425 Mobile Platform Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2025-21487 — CVSS 8.2 (high): Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the…
CVE-2023-28550 — CVSS 7.8 (high): Memory corruption in MPP performance while accessing DSM watermark using external memory address.
CVE-2023-28551 — CVSS 7.8 (high): Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.
CVE-2023-33110 — CVSS 7.8 (high): The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset…
CVE-2023-43513 — CVSS 7.8 (high): Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary…
CVE-2024-23353 — CVSS 7.5 (high): Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.
CVE-2025-21428 — CVSS 7.5 (high): Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request from the AP to establish a TSpec session.
CVE-2024-23385 — CVSS 7.5 (high): Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE.