CVE-2025-21476

7.8 HIGH

📋 TL;DR

This vulnerability allows memory corruption during Trusted Virtual Machine handshake parameter passing, potentially enabling arbitrary code execution or denial of service. It affects systems using Qualcomm chipsets with vulnerable firmware versions. Attackers could exploit this to compromise the trusted execution environment.

💻 Affected Systems

Products:
  • Qualcomm chipsets with Trusted Virtual Machine functionality
Versions: Specific firmware versions listed in Qualcomm September 2025 security bulletin
Operating Systems: Android, Linux-based systems using affected Qualcomm chipsets
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with Trusted Virtual Machine enabled; exact chipset models and firmware versions detailed in vendor advisory

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the Trusted Virtual Machine, allowing execution of arbitrary code in the trusted execution environment, potentially leading to full system compromise and data exfiltration.

🟠 Likely Case

Denial of service through Trusted Virtual Machine crash or instability, potentially disrupting secure operations and applications relying on the trusted execution environment.

🟢 If Mitigated

Limited impact with proper isolation and monitoring, potentially only causing localized instability without broader system compromise.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires access to the Trusted Virtual Machine interface and knowledge of memory corruption techniques. No public exploits are currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware updates specified in Qualcomm September 2025 security bulletin

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates.
2. Apply Qualcomm-provided firmware patches.
3. Reboot device to activate updated firmware.
4. Verify patch installation through version checks.

🔧 Temporary Workarounds

Disable Trusted Virtual Machine

all

Temporarily disable Trusted Virtual Machine functionality if not required for operations

Device-specific commands to disable TZ/TrustZone features

Restrict Trusted Virtual Machine Access

all

Limit which applications and users can interact with Trusted Virtual Machine interfaces

System-specific access control configuration

🧯 If You Can't Patch

  • Isolate affected systems from untrusted networks and users
  • Implement strict monitoring of Trusted Virtual Machine access and behavior

🔍 How to Verify

Check if Vulnerable:

Check firmware version against Qualcomm advisory; examine Trusted Virtual Machine configuration and logs for abnormal handshake patterns

Check Version:

Device-specific firmware version check command (e.g., 'getprop ro.build.version.security_patch' for Android)

Verify Fix Applied:

Verify firmware version matches patched version from Qualcomm bulletin; test Trusted Virtual Machine handshake functionality

📡 Detection & Monitoring

Log Indicators:

  • Abnormal Trusted Virtual Machine handshake failures
  • Memory access violations in trusted execution environment logs
  • Unexpected Trusted Virtual Machine restarts

Network Indicators:

  • Unusual communication patterns to/from trusted execution environment interfaces

SIEM Query:

Search for 'Trusted Virtual Machine' OR 'TZ' events with error codes indicating memory corruption or handshake failures
