Leftover Debug Code in Secure Element

August 6, 2025 invoker category_cve

CVE Details

Basic Information

Title Leftover Debug Code in Secure Element
Type cve
Published 2025-08-06T07:25:56.503Z
Modified 2025-08-06T07:25:56.503Z

Product Information

Vendor Qualcomm, Inc.
Product Snapdragon
Version FastConnect 6900

CVSS Information

Base Score 5.5 (MEDIUM)
Attack Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Analysis

AI Description This vulnerability involves information disclosure due to leftover debug code in the secure element, which logs sensitive eSE debug messages.
AI Severity Medium
AI Vendor Qualcomm, Inc.
AI Product Snapdragon
AI Version FastConnect 6900, FastConnect 7800, QCA9367, QCA9377, QCS8550, SA8530P, SA8540P, SA9000P, Snapdragon 8 Gen 1 Mobile Platform, WCD9380, WSA8830, WSA8835

Affected Products

  • Qualcomm, Inc. Snapdragon FastConnect 6900
  • Qualcomm, Inc. Snapdragon FastConnect 7800
  • Qualcomm, Inc. Snapdragon QCA9367
  • Qualcomm, Inc. Snapdragon QCA9377
  • Qualcomm, Inc. Snapdragon QCS8550
  • Qualcomm, Inc. Snapdragon SA8530P
  • Qualcomm, Inc. Snapdragon SA8540P
  • Qualcomm, Inc. Snapdragon SA9000P
  • Qualcomm, Inc. Snapdragon Snapdragon 8 Gen 1 Mobile Platform
  • Qualcomm, Inc. Snapdragon WCD9380
  • Qualcomm, Inc. Snapdragon WSA8830
  • Qualcomm, Inc. Snapdragon WSA8835

Additional Information

CWE List CWE-489
Source qualcomm

Description

Information disclosure while capturing logs as eSE debug messages are logged.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.