CVE-2025-21488 — Buffer Over-read in INC Snapdragon

CWE-126 — Buffer Over-read3 documents3 sources

Severity

8.2HIGHNVD

EPSS

0.1%

top 83.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qualcomm INC Snapdragon Google Android

Timeline

PublishedSep 24

Description

Information disclosure while decoding this RTP packet headers received by UE from the network when the padding bit is set.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:LExploitability: 3.9 | Impact: 4.2

Affected Packages2 packages

▶googlegoogle/android

▶CVEListV5qualcomm_inc/snapdragon108 versions+107

🔴Vulnerability Details

GHSA

GHSA-xhv3-f69c-rq49: Information disclosure while decoding this RTP packet headers received by UE from the network when the padding bit is set↗2025-09-24

▶

📋Vendor Advisories

Android

CVE-2025-21488: Closed-source component↗2025-09-01

▶