CVE-2025-21486
published 2025-06-03CVE-2025-21486: Memory corruption during dynamic process creation call when client is only passing address and length of shell binary.
PriorityP341high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.08%
0.4th percentile
Memory corruption during dynamic process creation call when client is only passing address and length of shell binary.
Affected
32 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-39fm-j66r-ffj4: Memory corruption during dynamic process creation call when client is only passing address and length of shell binary
ghsa_unreviewed·2025-06-03
CVE-2025-21486 [HIGH] CWE-822 GHSA-39fm-j66r-ffj4: Memory corruption during dynamic process creation call when client is only passing address and length of shell binary
Memory corruption during dynamic process creation call when client is only passing address and length of shell binary.
Android
CVE-2025-21486: Kernel
vendor_android·2025-06-01·CVSS 7.8
CVE-2025-21486 [HIGH] CVE-2025-21486: Kernel
Android Security Bulletin 2025-06-01
CVE: CVE-2025-21486
Severity: HIGH
Component: Kernel
References: A-400449990
QC-CR#3986528
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-06-03
Published