CVE-2025-21484 — Buffer Over-read in INC Snapdragon

CWE-126 — Buffer Over-read3 documents3 sources

Severity

8.2HIGHNVD

EPSS

0.1%

top 83.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qualcomm INC Snapdragon Google Android

Timeline

PublishedSep 24

Description

Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP packet.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:LExploitability: 3.9 | Impact: 4.2

Affected Packages2 packages

▶googlegoogle/android

▶CVEListV5qualcomm_inc/snapdragon173 versions+172

🔴Vulnerability Details

GHSA

GHSA-fr4j-w362-3r3p: Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP packet↗2025-09-24

▶

📋Vendor Advisories

Android

CVE-2025-21484: Closed-source component↗2025-09-01

▶