cbcvebase.
CVE-2025-21483
published 2025-09-24

CVE-2025-21483: Memory corruption when the UE receives an RTP packet from the network, during the reassembly of NALUs.

Priority: P258 · Severity: critical · CVSS 3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.40% (32.0th percentile)

Affected

228 ranges · showing 25

Vendor | Product | Version range | Fixed in
google | android | |
qualcomm_inc | snapdragon | | (24 rows)

Detection & IOCs (extracted from sources)

  • CVE-2025-21483 affects a closed-source component (Qualcomm/OEM firmware); no public technical details, PoC, or patch diff are available to derive concrete IOCs or detection signatures.
  • The vulnerability is triggered via a malformed RTP packet during NALU reassembly, meaning exploitation occurs at the modem/baseband layer over the air, so traditional host-based IOCs (hashes, file paths, registry keys) are not applicable.
  • Severity is rated CRITICAL; patching via the 2025-09-01 Android Security Bulletin is the primary mitigation. No exploitation-in-the-wild indicators are published in the available sources.