CVE-2025-27029

Q: What is the severity of CVE-2025-27029?

CVE-2025-27029 has a CVSS score of 7.5 (HIGH). This vulnerability allows attackers to cause a Denial of Service (DoS) condition by sending specially crafted tone measurement responses that exceed buffer boundaries. It affects Qualcomm chipsets and devices using vulnerable firmware versions. The impact is temporary service disruption until the affected component restarts.

7.5 HIGH

Denial of Service Buffer Overflow

📋 TL;DR

This vulnerability allows attackers to cause a Denial of Service (DoS) condition by sending specially crafted tone measurement responses that exceed buffer boundaries. It affects Qualcomm chipsets and devices using vulnerable firmware versions. The impact is temporary service disruption until the affected component restarts.

💻 Affected Systems

Products:

Qualcomm chipsets with vulnerable firmware

Versions: Specific versions listed in Qualcomm June 2025 security bulletin

Operating Systems: Android and other embedded systems using Qualcomm chipsets

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with specific Qualcomm modem/baseband processors; exact models require checking Qualcomm advisory.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service disruption on affected devices requiring manual reboot or firmware reset, potentially affecting critical communication functions.

🟠

Likely Case

Temporary service interruption affecting specific radio/communication functions until automatic recovery mechanisms trigger.

🟢

If Mitigated

Minimal impact with proper network segmentation and monitoring; affected components recover automatically.

🌐 Internet-Facing: MEDIUM - Requires specific protocol access but could be exploited remotely if vulnerable services are exposed.

🏢 Internal Only: MEDIUM - Internal attackers with network access could disrupt communication services.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires knowledge of tone measurement protocols and ability to send crafted responses to vulnerable components.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions specified in Qualcomm June 2025 security bulletin

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html

Restart Required: Yes

Instructions:

1. Check Qualcomm advisory for affected chipset models. 2. Obtain firmware updates from device manufacturer. 3. Apply firmware updates following manufacturer instructions. 4. Reboot affected devices.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate devices with vulnerable Qualcomm chipsets from untrusted networks

Protocol Filtering

all

Implement network filtering for tone measurement protocol traffic

🧯 If You Can't Patch

Implement strict network access controls to limit who can communicate with affected devices
Monitor for abnormal service disruptions and implement rapid response procedures

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against Qualcomm advisory; use manufacturer-specific diagnostic tools to check chipset firmware.

Check Version:

Manufacturer-specific commands vary; typically 'getprop' or diagnostic mode commands on Android devices.

Verify Fix Applied:

Verify firmware version has been updated to patched version; monitor for service stability.

📡 Detection & Monitoring

Log Indicators:

Unexpected service restarts
Modem/baseband crash logs
Radio interface failures

Network Indicators:

Abnormal tone measurement protocol traffic
Sudden service disruption patterns

SIEM Query:

Search for 'modem crash', 'baseband failure', or 'radio service restart' events in device logs

📊 Metadata

CVE ID: CVE-2025-27029

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-126

EPSS Score: 0.06% exploit probability (18.4th percentile)

Published: June 3, 2025

Last Updated: August 20, 2025

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Fastconnect 7800 Firmware by Qualcomm

Immersive Home 3210 Platform Firmware by Qualcomm

Immersive Home 326 Platform Firmware by Qualcomm

Ipq5300 Firmware by Qualcomm

Ipq5302 Firmware by Qualcomm

Ipq5312 Firmware by Qualcomm

Ipq5332 Firmware by Qualcomm

Ipq5424 Firmware by Qualcomm

Ipq9008 Firmware by Qualcomm

Ipq9048 Firmware by Qualcomm

Ipq9554 Firmware by Qualcomm

Ipq9570 Firmware by Qualcomm

Ipq9574 Firmware by Qualcomm

Qca0000 Firmware by Qualcomm

Qca8075 Firmware by Qualcomm

Qca8080 Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8082 Firmware by Qualcomm

Qca8084 Firmware by Qualcomm

Qca8085 Firmware by Qualcomm

Qca8101 Firmware by Qualcomm

Qca8102 Firmware by Qualcomm

Qca8111 Firmware by Qualcomm

Qca8112 Firmware by Qualcomm

Qca8384 Firmware by Qualcomm

Qca8385 Firmware by Qualcomm

Qca8386 Firmware by Qualcomm

Qcf8000 Firmware by Qualcomm

Qcf8001 Firmware by Qualcomm

Qcn5124 Firmware by Qualcomm

Qcn5224 Firmware by Qualcomm

Qcn6402 Firmware by Qualcomm

Qcn6412 Firmware by Qualcomm

Qcn6422 Firmware by Qualcomm

Qcn6432 Firmware by Qualcomm

Qcn9000 Firmware by Qualcomm

Qcn9012 Firmware by Qualcomm

Qcn9024 Firmware by Qualcomm

Qcn9074 Firmware by Qualcomm

Qcn9160 Firmware by Qualcomm

Qcn9274 Firmware by Qualcomm

Qmp1000 Firmware by Qualcomm

Qxm8083 Firmware by Qualcomm

Sm6650 Firmware by Qualcomm

Sm6650p Firmware by Qualcomm

Sm7635 Firmware by Qualcomm

Sm8735 Firmware by Qualcomm

Sm8750 Firmware by Qualcomm

Sm8750p Firmware by Qualcomm

Snapdragon 8 Gen 3 Mobile Platform Firmware by Qualcomm

Wcd9378 Firmware by Qualcomm

Wcd9390 Firmware by Qualcomm

Wcd9395 Firmware by Qualcomm

Wcn6450 Firmware by Qualcomm

Wcn6650 Firmware by Qualcomm

Wcn6755 Firmware by Qualcomm

Wcn7750 Firmware by Qualcomm

Wcn7860 Firmware by Qualcomm

Wcn7861 Firmware by Qualcomm

Wcn7880 Firmware by Qualcomm

Wcn7881 Firmware by Qualcomm

Wsa8830 Firmware by Qualcomm

Wsa8832 Firmware by Qualcomm

Wsa8835 Firmware by Qualcomm

Wsa8840 Firmware by Qualcomm

Wsa8845 Firmware by Qualcomm

Wsa8845h Firmware by Qualcomm