CVE-2025-21487 — Buffer Over-read in INC Snapdragon

CWE-126 — Buffer Over-read3 documents3 sources

Severity

8.2HIGHNVD

EPSS

0.1%

top 83.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qualcomm INC Snapdragon Google Android

Timeline

PublishedSep 24

Description

Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the available buffer length.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:LExploitability: 3.9 | Impact: 4.2

Affected Packages2 packages

▶googlegoogle/android

▶CVEListV5qualcomm_inc/snapdragon227 versions+226

🔴Vulnerability Details

GHSA

GHSA-j4c6-9q52-52q7: Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the available buffer l↗2025-09-24

▶

📋Vendor Advisories

Android

CVE-2025-21487: Closed-source component↗2025-09-01

▶