CVE-2025-59605
published 2026-06-01CVE-2025-59605: Memory Corruption when processing device identifier strings that exceed the expected maximum length.
PriorityP343high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.07%
0.1th percentile
Memory Corruption when processing device identifier strings that exceed the expected maximum length.
Affected
143 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Qualcomm Snapdragon Auto up to WSA8845H Device Identifier out-of-bounds write (WID-SEC-2026-1772)
vuldb·2026-06-03·CVSS 7.8
CVE-2025-59605 [HIGH] Qualcomm Snapdragon Auto up to WSA8845H Device Identifier out-of-bounds write (WID-SEC-2026-1772)
A vulnerability, which was classified as critical, has been found in Qualcomm Snapdragon Auto, Snapdragon CCW, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon WBC and Snapdragon Wearables. The impacted element is an unknown function of the component Device Identifier Handler. The manipulation leads to out-of-bounds write.
This vulnerability is documented as CVE-2025-59605. The attack needs to be performed locally. There is not any exploit available.
It is advisable to upgrade the affected component.
GHSA
Memory Corruption when processing device identifier strings that exceed the expected maximum length.
ghsa_unreviewed·2026-06-02
CVE-2025-59605 [HIGH] CWE-787 Memory Corruption when processing device identifier strings that exceed the expected maximum length.
Memory Corruption when processing device identifier strings that exceed the expected maximum length.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-01
Published