CVE-2025-21449 | Buffer Over-read in WLAN Embedded SW

Transient DOS may occur while processing malformed length field in SSID IEs.

Published: 2025-07-08 Last update: 2026-06-17 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2025-21449 is rated Low Risk (33.2/100): CVSS High severity, with low exploitation likelihood (EPSS 0.20%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2025-21449

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.35% 0.20% -0.15%
2 2026-05-04 0.05% 0.35% +0.30%
3 2025-12-16 0.05%

Full EPSS history (8 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2025-21449

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
7.5 3.1 HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:N)
Doesn’t really leak secrets in a meaningful way.
Integrity (I:N)
Data isn’t meaningfully altered or forged.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
3.9 3.6 [email protected]

Weakness enumeration for CVE-2025-21449

Affected software / configurations for CVE-2025-21449

Vendor Product Version Raw CPE
qualcomm sm8635p_firmware cpe:2.3:o:qualcomm:sm8635p_firmware:-:*:*:*:*:*:*:*
qualcomm sm8650q_firmware cpe:2.3:o:qualcomm:sm8650q_firmware:-:*:*:*:*:*:*:*
qualcomm sm8735_firmware cpe:2.3:o:qualcomm:sm8735_firmware:-:*:*:*:*:*:*:*
qualcomm sm8750_firmware cpe:2.3:o:qualcomm:sm8750_firmware:-:*:*:*:*:*:*:*
qualcomm sm8750p_firmware cpe:2.3:o:qualcomm:sm8750p_firmware:-:*:*:*:*:*:*:*
qualcomm smart_audio_200_platform_firmware cpe:2.3:o:qualcomm:smart_audio_200_platform_firmware:-:*:*:*:*:*:*:*
qualcomm smart_audio_400_platform_firmware cpe:2.3:o:qualcomm:smart_audio_400_platform_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_4_gen_1_mobile_firmware cpe:2.3:o:qualcomm:snapdragon_4_gen_1_mobile_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_4_gen_2_mobile_firmware cpe:2.3:o:qualcomm:snapdragon_4_gen_2_mobile_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_460_mobile_firmware cpe:2.3:o:qualcomm:snapdragon_460_mobile_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_480_5g_mobile_firmware cpe:2.3:o:qualcomm:snapdragon_480_5g_mobile_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_480\+_5g_mobile_firmware cpe:2.3:o:qualcomm:snapdragon_480\+_5g_mobile_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_660_mobile_firmware cpe:2.3:o:qualcomm:snapdragon_660_mobile_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_662_mobile_firmware cpe:2.3:o:qualcomm:snapdragon_662_mobile_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_665_mobile_firmware cpe:2.3:o:qualcomm:snapdragon_665_mobile_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_670_mobile_firmware cpe:2.3:o:qualcomm:snapdragon_670_mobile_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_675_mobile_firmware cpe:2.3:o:qualcomm:snapdragon_675_mobile_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_678_mobile_firmware cpe:2.3:o:qualcomm:snapdragon_678_mobile_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_680_4g_mobile_firmware cpe:2.3:o:qualcomm:snapdragon_680_4g_mobile_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_685_4g_mobile_firmware cpe:2.3:o:qualcomm:snapdragon_685_4g_mobile_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_690_5g_mobile_firmware cpe:2.3:o:qualcomm:snapdragon_690_5g_mobile_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_695_5g_mobile_firmware cpe:2.3:o:qualcomm:snapdragon_695_5g_mobile_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_710_mobile_firmware cpe:2.3:o:qualcomm:snapdragon_710_mobile_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_712_mobile_firmware cpe:2.3:o:qualcomm:snapdragon_712_mobile_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_720g_mobile_firmware cpe:2.3:o:qualcomm:snapdragon_720g_mobile_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_730_mobile_firmware cpe:2.3:o:qualcomm:snapdragon_730_mobile_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_730g_mobile_firmware cpe:2.3:o:qualcomm:snapdragon_730g_mobile_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_732g_mobile_firmware cpe:2.3:o:qualcomm:snapdragon_732g_mobile_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_750g_5g_mobile_firmware cpe:2.3:o:qualcomm:snapdragon_750g_5g_mobile_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_765_5g_mobile_firmware cpe:2.3:o:qualcomm:snapdragon_765_5g_mobile_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_765g_5g_mobile_firmware cpe:2.3:o:qualcomm:snapdragon_765g_5g_mobile_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_768g_5g_mobile_firmware cpe:2.3:o:qualcomm:snapdragon_768g_5g_mobile_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_778g_5g_mobile_firmware cpe:2.3:o:qualcomm:snapdragon_778g_5g_mobile_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_778g\+_5g_mobile_firmware cpe:2.3:o:qualcomm:snapdragon_778g\+_5g_mobile_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_780g_5g_mobile_firmware cpe:2.3:o:qualcomm:snapdragon_780g_5g_mobile_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_782g_mobile_firmware cpe:2.3:o:qualcomm:snapdragon_782g_mobile_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_7c_compute_firmware cpe:2.3:o:qualcomm:snapdragon_7c_compute_firmware:-:*:*:*:*:*:*:*
qualcomm sc7180-ad_firmware cpe:2.3:o:qualcomm:sc7180-ad_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_7c\+_gen_3_compute_firmware cpe:2.3:o:qualcomm:snapdragon_7c\+_gen_3_compute_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_8_gen_1_mobile_firmware cpe:2.3:o:qualcomm:snapdragon_8_gen_1_mobile_firmware:-:*:*:*:*:*:*:*
qualcomm 315_5g_iot_firmware cpe:2.3:o:qualcomm:315_5g_iot_firmware:-:*:*:*:*:*:*:*
qualcomm apq8017_firmware cpe:2.3:o:qualcomm:apq8017_firmware:-:*:*:*:*:*:*:*
qualcomm apq8064au_firmware cpe:2.3:o:qualcomm:apq8064au_firmware:-:*:*:*:*:*:*:*
qualcomm aqt1000_firmware cpe:2.3:o:qualcomm:aqt1000_firmware:-:*:*:*:*:*:*:*
qualcomm ar8031_firmware cpe:2.3:o:qualcomm:ar8031_firmware:-:*:*:*:*:*:*:*
qualcomm ar8035_firmware cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*
qualcomm ar9380_firmware cpe:2.3:o:qualcomm:ar9380_firmware:-:*:*:*:*:*:*:*
qualcomm csr8811_firmware cpe:2.3:o:qualcomm:csr8811_firmware:-:*:*:*:*:*:*:*
qualcomm csra6620_firmware cpe:2.3:o:qualcomm:csra6620_firmware:-:*:*:*:*:*:*:*
qualcomm csra6640_firmware cpe:2.3:o:qualcomm:csra6640_firmware:-:*:*:*:*:*:*:*
qualcomm csrb31024_firmware cpe:2.3:o:qualcomm:csrb31024_firmware:-:*:*:*:*:*:*:*
qualcomm fastconnect_6200_firmware cpe:2.3:o:qualcomm:fastconnect_6200_firmware:-:*:*:*:*:*:*:*
qualcomm fastconnect_6700_firmware cpe:2.3:o:qualcomm:fastconnect_6700_firmware:-:*:*:*:*:*:*:*
qualcomm fastconnect_6800_firmware cpe:2.3:o:qualcomm:fastconnect_6800_firmware:-:*:*:*:*:*:*:*
qualcomm fastconnect_6900_firmware cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*
qualcomm fastconnect_7800_firmware cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*
qualcomm flight_rb5_5g_firmware cpe:2.3:o:qualcomm:flight_rb5_5g_firmware:-:*:*:*:*:*:*:*
qualcomm home_hub_100_firmware cpe:2.3:o:qualcomm:home_hub_100_firmware:-:*:*:*:*:*:*:*
qualcomm immersive_home_214_firmware cpe:2.3:o:qualcomm:immersive_home_214_firmware:-:*:*:*:*:*:*:*
qualcomm immersive_home_216_firmware cpe:2.3:o:qualcomm:immersive_home_216_firmware:-:*:*:*:*:*:*:*
qualcomm immersive_home_316_firmware cpe:2.3:o:qualcomm:immersive_home_316_firmware:-:*:*:*:*:*:*:*
qualcomm immersive_home_318_firmware cpe:2.3:o:qualcomm:immersive_home_318_firmware:-:*:*:*:*:*:*:*
qualcomm video_collaboration_vc1_platform_firmware cpe:2.3:o:qualcomm:video_collaboration_vc1_platform_firmware:-:*:*:*:*:*:*:*
qualcomm video_collaboration_vc3_platform_firmware cpe:2.3:o:qualcomm:video_collaboration_vc3_platform_firmware:-:*:*:*:*:*:*:*
qualcomm video_collaboration_vc5_platform_firmware cpe:2.3:o:qualcomm:video_collaboration_vc5_platform_firmware:-:*:*:*:*:*:*:*
qualcomm robotics_rb2_firmware cpe:2.3:o:qualcomm:robotics_rb2_firmware:-:*:*:*:*:*:*:*
qualcomm robotics_rb3_firmware cpe:2.3:o:qualcomm:robotics_rb3_firmware:-:*:*:*:*:*:*:*
qualcomm robotics_rb5_firmware cpe:2.3:o:qualcomm:robotics_rb5_firmware:-:*:*:*:*:*:*:*
qualcomm sa4150p_firmware cpe:2.3:o:qualcomm:sa4150p_firmware:-:*:*:*:*:*:*:*
qualcomm sa4155p_firmware cpe:2.3:o:qualcomm:sa4155p_firmware:-:*:*:*:*:*:*:*
qualcomm sa6145p_firmware cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*
qualcomm sa6150p_firmware cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:*
qualcomm sa6155_firmware cpe:2.3:o:qualcomm:sa6155_firmware:-:*:*:*:*:*:*:*
qualcomm sa6155p_firmware cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*
qualcomm sa7255p_firmware cpe:2.3:o:qualcomm:sa7255p_firmware:-:*:*:*:*:*:*:*
qualcomm sa7775p_firmware cpe:2.3:o:qualcomm:sa7775p_firmware:-:*:*:*:*:*:*:*
qualcomm sa8145p_firmware cpe:2.3:o:qualcomm:sa8145p_firmware:-:*:*:*:*:*:*:*
qualcomm sa8150p_firmware cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*
qualcomm sa8155_firmware cpe:2.3:o:qualcomm:sa8155_firmware:-:*:*:*:*:*:*:*
qualcomm sa8155p_firmware cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*

References for CVE-2025-21449

cvelogic Threat Intelligence