CVE-2025-21450

Q: What is the severity of CVE-2025-21450?

CVE-2025-21450 has a CVSS score of 9.1 (CRITICAL). This vulnerability allows attackers to intercept or manipulate data during downloads due to insecure connection methods. It affects systems using Qualcomm components with vulnerable firmware versions. The issue enables man-in-the-middle attacks against software updates or data transfers.

9.1 CRITICAL

📋 TL;DR

This vulnerability allows attackers to intercept or manipulate data during downloads due to insecure connection methods. It affects systems using Qualcomm components with vulnerable firmware versions. The issue enables man-in-the-middle attacks against software updates or data transfers.

💻 Affected Systems

Products:

Qualcomm chipsets and associated firmware

Versions: Specific versions listed in Qualcomm July 2025 security bulletin

Operating Systems: Android, embedded systems using Qualcomm components

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with vulnerable Qualcomm firmware; exact product list requires checking vendor advisory.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise via malicious firmware/software injection, leading to persistent backdoors, data theft, or ransomware deployment.

🟠

Likely Case

Data interception leading to credential theft, sensitive information exposure, or installation of malicious software.

🟢

If Mitigated

Limited impact with proper network segmentation, certificate pinning, and download source validation.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires network position to intercept downloads; no authentication needed for the vulnerable connection method.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patched versions specified in Qualcomm July 2025 bulletin

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2025-bulletin.html

Restart Required: Yes

Instructions:

1. Check Qualcomm advisory for affected chipset/firmware versions. 2. Obtain updated firmware from device manufacturer. 3. Apply firmware update following manufacturer instructions. 4. Reboot device.

🔧 Temporary Workarounds

Enforce HTTPS/TLS for all downloads

all

Configure systems to require secure connections for all download operations

Implement certificate pinning

all

Pin specific certificates for download sources to prevent man-in-the-middle attacks

🧯 If You Can't Patch

Segment network to isolate download traffic from untrusted networks
Monitor network traffic for unencrypted download attempts and alert on suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check firmware version against Qualcomm advisory; monitor for unencrypted download connections in network logs.

Check Version:

Device-specific command (e.g., 'getprop ro.build.fingerprint' for Android devices with Qualcomm chips)

Verify Fix Applied:

Verify firmware version matches patched version from advisory; test downloads use secure connections.

📡 Detection & Monitoring

Log Indicators:

Unencrypted HTTP download attempts
Certificate validation failures
Unexpected download sources

Network Indicators:

Plaintext download traffic to/from affected systems
Man-in-the-middle attack patterns

SIEM Query:

source_port=80 OR dest_port=80 AND (protocol=HTTP AND (uri CONTAINS 'download' OR uri CONTAINS 'update'))

📊 Metadata

CVE ID: CVE-2025-21450

CVSS v3 Score: 9.1 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE: CWE-287

EPSS Score: 0.03% exploit probability (9.6th percentile)

Published: July 8, 2025

Last Updated: August 11, 2025

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2025-bulletin.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Ar8035 Firmware by Qualcomm

Fastconnect 6200 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6678aq Firmware by Qualcomm

Qca6688aq Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca6698au Firmware by Qualcomm

Qca6797aq Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qcc710 Firmware by Qualcomm

Qcm4490 Firmware by Qualcomm

Qcm5430 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcm8550 Firmware by Qualcomm

Qcn6024 Firmware by Qualcomm

Qcn6224 Firmware by Qualcomm

Qcn6274 Firmware by Qualcomm

Qcn9011 Firmware by Qualcomm

Qcn9012 Firmware by Qualcomm

Qcn9024 Firmware by Qualcomm

Qcs4490 Firmware by Qualcomm

Qcs5430 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qcs8550 Firmware by Qualcomm

Qep8111 Firmware by Qualcomm

Qfw7114 Firmware by Qualcomm

Qfw7124 Firmware by Qualcomm

Sd 8 Gen1 5g Firmware by Qualcomm

Sdx55 Firmware by Qualcomm

Sdx61 Firmware by Qualcomm

Sdx80m Firmware by Qualcomm

Sg8275p Firmware by Qualcomm

Sm4635 Firmware by Qualcomm

Sm6370 Firmware by Qualcomm

Sm6650 Firmware by Qualcomm

Sm6650p Firmware by Qualcomm

Sm7325p Firmware by Qualcomm

Sm7635 Firmware by Qualcomm

Sm7635p Firmware by Qualcomm

Sm7675 Firmware by Qualcomm

Sm7675p Firmware by Qualcomm

Sm8635 Firmware by Qualcomm

Sm8635p Firmware by Qualcomm

Sm8650q Firmware by Qualcomm

Sm8750 Firmware by Qualcomm

Sm8750p Firmware by Qualcomm

Snapdragon 4 Gen 1 Mobile Firmware by Qualcomm

Snapdragon 480 5g Mobile Firmware by Qualcomm

Snapdragon 480 5g Mobile Firmware by Qualcomm

Snapdragon 695 5g Mobile Firmware by Qualcomm

Snapdragon 778g 5g Mobile Firmware by Qualcomm

Snapdragon 778g 5g Mobile Firmware by Qualcomm

Snapdragon 782g Mobile Firmware by Qualcomm

Snapdragon 7c\+ Gen 3 Firmware by Qualcomm

Snapdragon 8 Gen 1 Mobile Firmware by Qualcomm

Snapdragon 8 Gen 1 Mobile Firmware by Qualcomm

Snapdragon 8 Gen 3 Mobile Firmware by Qualcomm

Snapdragon 888 5g Mobile Firmware by Qualcomm

Snapdragon 888 5g Mobile Firmware by Qualcomm

Snapdragon Auto 5g Modem Rf Firmware by Qualcomm

Snapdragon Auto 5g Modem Rf Gen 2 Firmware by Qualcomm

Snapdragon W5\+ Gen 1 Wearable Firmware by Qualcomm

Snapdragon X32 5g Modem Rf Firmware by Qualcomm

Snapdragon X35 5g Modem Rf Firmware by Qualcomm

Snapdragon X62 5g Modem Rf Firmware by Qualcomm

Snapdragon X65 5g Modem Rf Firmware by Qualcomm

Snapdragon X72 5g Modem Rf Firmware by Qualcomm