CVE 6.1 MEDIUM

Buffer Over-read in Automotive OS Platform Android_CVE-2025-21457

August 6, 2025 invoker category_cve

6.1 / 10

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

Description

Information disclosure while opening a fastrpc session when domain is not sanitized.

AI Analysis

A buffer over-read vulnerability in the Automotive OS Platform Android could lead to information disclosure when opening a FastRPC session without proper domain sanitization.

Basic Information

ID CVE-2025-21457

Source qualcomm

Published Aug 6, 2025 at 07:25

Modified Aug 6, 2025 at 14:37

Affected Product

Vendor Qualcomm, Inc.

Product Snapdragon

Version AR8035

Affected Versions Qualcomm, Inc. Snapdragon AR8035
Qualcomm, Inc. Snapdragon FastConnect 7800
Qualcomm, Inc. Snapdragon QCA6584AU
Qualcomm, Inc. Snapdragon QCA6698AQ
Qualcomm, Inc. Snapdragon QCA8081
Qualcomm, Inc. Snapdragon QCA8337
Qualcomm, Inc. Snapdragon QCC710
Qualcomm, Inc. Snapdragon QCN6224
Qualcomm, Inc. Snapdragon QCN6274
Qualcomm, Inc. Snapdragon QFW7114
Qualcomm, Inc. Snapdragon QFW7124
Qualcomm, Inc. Snapdragon Snapdragon Auto 5G Modem-RF Gen 2
Qualcomm, Inc. Snapdragon Snapdragon X72 5G Modem-RF System
Qualcomm, Inc. Snapdragon Snapdragon X75 5G Modem-RF System
Qualcomm, Inc. Snapdragon WCD9340

CWE Classification

CWE-126

AI Assessment

AI Severity Medium

Vendor Qualcomm, Inc.

Product Snapdragon

Version AR8035

References

docs.qualcomm.com /product/publicresources/securitybulletin/august-2025-bulletin.html

{
    "lastseen": "",
    "description": "Information disclosure while opening a fastrpc session when domain is not sanitized.",
    "published": "2025-08-06T07:25:50.337Z",
    "modified": "2025-08-06T14:37:52.448Z",
    "type": "cve",
    "title": "Buffer Over-read in Automotive OS Platform Android",
    "source": "qualcomm",
    "references": "https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2025-bulletin.html",
    "id": "CVE-2025-21457",
    "bulletinFamily": "",
    "cwe": [
        "CWE-126"
    ],
    "cvelist": null,
    "sourceData": "Qualcomm, Inc. Snapdragon AR8035\nQualcomm, Inc. Snapdragon FastConnect 7800\nQualcomm, Inc. Snapdragon QCA6584AU\nQualcomm, Inc. Snapdragon QCA6698AQ\nQualcomm, Inc. Snapdragon QCA8081\nQualcomm, Inc. Snapdragon QCA8337\nQualcomm, Inc. Snapdragon QCC710\nQualcomm, Inc. Snapdragon QCN6224\nQualcomm, Inc. Snapdragon QCN6274\nQualcomm, Inc. Snapdragon QFW7114\nQualcomm, Inc. Snapdragon QFW7124\nQualcomm, Inc. Snapdragon Snapdragon Auto 5G Modem-RF Gen 2\nQualcomm, Inc. Snapdragon Snapdragon X72 5G Modem-RF System\nQualcomm, Inc. Snapdragon Snapdragon X75 5G Modem-RF System\nQualcomm, Inc. Snapdragon WCD9340",
    "sourceHref": "",
    "cvss": {
        "score": 6.1,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Snapdragon",
    "version": "AR8035",
    "vendor": "Qualcomm, Inc.",
    "ai_description": "A buffer over-read vulnerability in the Automotive OS Platform Android could lead to information disclosure when opening a FastRPC session without proper domain sanitization.",
    "ai_severity": "Medium",
    "ai_vendor": "Qualcomm, Inc.",
    "ai_product": "Snapdragon",
    "ai_version": "AR8035",
    "ai_score": 0
}

💭 Join the Security Discussion ❌ Cancel Reply