CVE-2025-21482

Q: What is the severity of CVE-2025-21482?

CVE-2025-21482 has a CVSS score of 7.1 (HIGH). This CVE describes a cryptographic vulnerability in RSA PKCS padding decoding that could allow attackers to decrypt sensitive data or forge digital signatures. It affects Qualcomm products implementing vulnerable cryptographic libraries. Organizations using affected Qualcomm chipsets in mobile devices, IoT devices, or networking equipment are potentially impacted.

7.1 HIGH

📋 TL;DR

This CVE describes a cryptographic vulnerability in RSA PKCS padding decoding that could allow attackers to decrypt sensitive data or forge digital signatures. It affects Qualcomm products implementing vulnerable cryptographic libraries. Organizations using affected Qualcomm chipsets in mobile devices, IoT devices, or networking equipment are potentially impacted.

💻 Affected Systems

Products:

Qualcomm chipsets and products using affected cryptographic libraries

Versions: Specific versions not detailed in provided reference; check Qualcomm advisory for exact affected versions

Operating Systems: Android, Linux-based systems using Qualcomm components

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in cryptographic library implementation; affects systems performing RSA operations with PKCS padding.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of encrypted communications, decryption of sensitive data, authentication bypass, and digital signature forgery.

🟠

Likely Case

Partial information disclosure through padding oracle attacks, potentially leading to decryption of some encrypted data.

🟢

If Mitigated

Limited impact with proper network segmentation, encryption at higher layers, and restricted access to vulnerable systems.

🌐 Internet-Facing: MEDIUM - Exploitation requires specific conditions and cryptographic operations, but internet-facing systems could be targeted.

🏢 Internal Only: MEDIUM - Internal systems could be exploited by attackers with network access, but requires specific cryptographic operations.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires ability to interact with cryptographic operations and may involve padding oracle attacks.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Qualcomm September 2025 security bulletin for specific patched versions

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html

Restart Required: Yes

Instructions:

1. Review Qualcomm September 2025 security bulletin. 2. Identify affected products and versions. 3. Apply firmware/software updates from device manufacturers. 4. Reboot affected devices after patching.

🔧 Temporary Workarounds

Disable vulnerable cryptographic operations

all

If possible, disable RSA operations with PKCS padding in affected systems

System-specific configuration changes required

Implement additional encryption layers

all

Use TLS/SSL with modern cipher suites that don't rely solely on vulnerable RSA implementations

Configure web servers and applications to prioritize ECDHE cipher suites

🧯 If You Can't Patch

Segment network to restrict access to systems performing RSA operations
Monitor for unusual cryptographic operations or decryption attempts

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against Qualcomm advisory; test RSA operations with PKCS padding for vulnerability

Check Version:

Device-specific commands vary; for Android: 'getprop ro.build.fingerprint' or check Settings > About Phone

Verify Fix Applied:

Verify firmware version has been updated to patched version; test RSA operations to confirm padding decoding works correctly

📡 Detection & Monitoring

Log Indicators:

Multiple failed cryptographic operations
Unusual RSA decryption patterns
Padding-related error messages

Network Indicators:

Unusual traffic patterns to/from systems performing cryptographic operations
Repeated connection attempts to cryptographic services

SIEM Query:

source="crypto_logs" AND (error="padding" OR operation="RSA") | stats count by src_ip, dest_ip

📊 Metadata

CVE ID: CVE-2025-21482

CVSS v3 Score: 7.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE: CWE-310

EPSS Score: 0.01% exploit probability (1.3th percentile)

Published: September 24, 2025

Last Updated: December 2, 2025

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

315 5g Iot Modem Firmware by Qualcomm

9205 Lte Modem Firmware by Qualcomm

9206 Lte Modem Firmware by Qualcomm

9207 Lte Modem Firmware by Qualcomm

Apq8017 Firmware by Qualcomm

Apq8037 Firmware by Qualcomm

Apq8064au Firmware by Qualcomm

Apq8092 Firmware by Qualcomm

Apq8094 Firmware by Qualcomm

Aqt1000 Firmware by Qualcomm

Ar3012 Firmware by Qualcomm

Ar7420 Firmware by Qualcomm

Ar8031 Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

Ar9380 Firmware by Qualcomm

C V2x 9150 Firmware by Qualcomm

Csr8811 Firmware by Qualcomm

Csra6620 Firmware by Qualcomm

Csra6640 Firmware by Qualcomm

Csrb31024 Firmware by Qualcomm

Fastconnect 6200 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6800 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Flight Rb5 5g Platform Firmware by Qualcomm

Fsm9900 Firmware by Qualcomm

Fsm9905 Firmware by Qualcomm

Fsm9910 Firmware by Qualcomm

Fsm9915 Firmware by Qualcomm

Fsm9916 Firmware by Qualcomm

Fsm9950 Firmware by Qualcomm

Fsm9955 Firmware by Qualcomm

Home Hub 100 Platform Firmware by Qualcomm

Immersive Home 214 Platform Firmware by Qualcomm

Immersive Home 216 Platform Firmware by Qualcomm

Immersive Home 316 Platform Firmware by Qualcomm

Immersive Home 318 Platform Firmware by Qualcomm

Immersive Home 3210 Platform Firmware by Qualcomm

Immersive Home 326 Platform Firmware by Qualcomm

Ipq4018 Firmware by Qualcomm

Ipq4019 Firmware by Qualcomm

Ipq4028 Firmware by Qualcomm

Ipq4029 Firmware by Qualcomm

Ipq5010 Firmware by Qualcomm

Ipq5028 Firmware by Qualcomm

Ipq5300 Firmware by Qualcomm

Ipq5302 Firmware by Qualcomm

Ipq5312 Firmware by Qualcomm

Ipq5332 Firmware by Qualcomm

Ipq6000 Firmware by Qualcomm

Ipq6005 Firmware by Qualcomm

Ipq6010 Firmware by Qualcomm

Ipq6018 Firmware by Qualcomm

Ipq6028 Firmware by Qualcomm

Ipq8062 Firmware by Qualcomm

Ipq8064 Firmware by Qualcomm

Ipq8065 Firmware by Qualcomm

Ipq8066 Firmware by Qualcomm

Ipq8068 Firmware by Qualcomm

Ipq8069 Firmware by Qualcomm

Ipq8070 Firmware by Qualcomm

Ipq8070a Firmware by Qualcomm

Ipq8071 Firmware by Qualcomm

Ipq8071a Firmware by Qualcomm

Ipq8072 Firmware by Qualcomm

Ipq8072a Firmware by Qualcomm

Ipq8074 Firmware by Qualcomm

Ipq8074a Firmware by Qualcomm

Ipq8076 Firmware by Qualcomm

Ipq8076a Firmware by Qualcomm

Ipq8078 Firmware by Qualcomm

Ipq8078a Firmware by Qualcomm

Ipq8173 Firmware by Qualcomm

Ipq8174 Firmware by Qualcomm

Ipq9008 Firmware by Qualcomm

Ipq9048 Firmware by Qualcomm