CVE-2025-27030

Q: What is the severity of CVE-2025-27030?

CVE-2025-27030 has a CVSS score of 6.1 (MEDIUM). This CVE-2025-27030 vulnerability allows unauthorized information disclosure when calibration data is invoked from user space to update firmware size. It affects Qualcomm devices and systems using vulnerable firmware components. Attackers could potentially access sensitive calibration data that should remain protected.

6.1 MEDIUM

📋 TL;DR

This CVE-2025-27030 vulnerability allows unauthorized information disclosure when calibration data is invoked from user space to update firmware size. It affects Qualcomm devices and systems using vulnerable firmware components. Attackers could potentially access sensitive calibration data that should remain protected.

💻 Affected Systems

Products:

Qualcomm chipsets and devices using affected firmware

Versions: Specific versions not detailed in reference; check Qualcomm advisory for exact affected versions

Operating Systems: Android and other OS using Qualcomm components

Default Config Vulnerable: ⚠️ Yes

Notes: Affects systems where user space applications can invoke calibration data operations. Exact product list requires checking Qualcomm's detailed advisory.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Sensitive calibration data and firmware information could be exfiltrated, potentially revealing device-specific configuration details that could aid in further attacks or reverse engineering.

🟠

Likely Case

Limited information disclosure of calibration parameters that may not contain highly sensitive data but could still reveal device characteristics.

🟢

If Mitigated

With proper access controls and firmware validation, the impact would be minimal as unauthorized user space access would be blocked.

🌐 Internet-Facing: LOW - This vulnerability requires local access or compromised user space execution, making direct internet exploitation unlikely.

🏢 Internal Only: MEDIUM - Malicious insiders or compromised local accounts could exploit this to gather device information for further attacks.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires user space access and ability to invoke specific calibration operations. No public exploit code available as of advisory date.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Qualcomm September 2025 security bulletin for specific patched versions

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html

Restart Required: No

Instructions:

1. Check Qualcomm advisory for affected chipset/device list. 2. Obtain firmware updates from device manufacturer. 3. Apply firmware patches following manufacturer instructions. 4. Verify patch installation.

🔧 Temporary Workarounds

Restrict user space calibration access

all

Implement access controls to prevent unauthorized user space applications from invoking calibration operations

🧯 If You Can't Patch

Implement strict application sandboxing and privilege separation
Monitor for unusual calibration data access patterns in system logs

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against Qualcomm's affected version list in September 2025 bulletin

Check Version:

Device-specific commands vary by manufacturer; typically 'getprop' or manufacturer-specific firmware check commands

Verify Fix Applied:

Verify firmware version has been updated to patched version specified in Qualcomm advisory

📡 Detection & Monitoring

Log Indicators:

Unusual calibration data access from user space applications
Firmware size modification attempts

Network Indicators:

Not applicable - local vulnerability

SIEM Query:

Search for calibration-related system calls or firmware modification attempts from non-privileged processes

📊 Metadata

CVE ID: CVE-2025-27030

CVSS v3 Score: 6.1 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

CWE: CWE-126

EPSS Score: 0.02% exploit probability (4.4th percentile)

Published: September 24, 2025

Last Updated: September 25, 2025

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

C V2x 9150 Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca9367 Firmware by Qualcomm

Qca9377 Firmware by Qualcomm

Qcn9074 Firmware by Qualcomm

Qcs410 Firmware by Qualcomm

Qcs610 Firmware by Qualcomm

Qsm8250 Firmware by Qualcomm

Sa6145p Firmware by Qualcomm

Sa6150p Firmware by Qualcomm

Sa6155p Firmware by Qualcomm

Sa8145p Firmware by Qualcomm

Sa8150p Firmware by Qualcomm

Sa8155p Firmware by Qualcomm

Sa8195p Firmware by Qualcomm

Sa8295p Firmware by Qualcomm

Sa8530p Firmware by Qualcomm

Sa8540p Firmware by Qualcomm

Sa9000p Firmware by Qualcomm

Sdx55 Firmware by Qualcomm

Snapdragon Auto 5g Modem Rf Firmware by Qualcomm

Snapdragon Auto 5g Modem Rf Gen 2 Firmware by Qualcomm

Sw5100 Firmware by Qualcomm

Sw5100p Firmware by Qualcomm

Video Collaboration Vc1 Platform Firmware by Qualcomm

Video Collaboration Vc3 Platform Firmware by Qualcomm

Wcd9341 Firmware by Qualcomm

Wcd9370 Firmware by Qualcomm

Wcn3660b Firmware by Qualcomm

Wcn3680b Firmware by Qualcomm

Wcn3950 Firmware by Qualcomm

Wcn3980 Firmware by Qualcomm

Wcn3988 Firmware by Qualcomm

Wsa8810 Firmware by Qualcomm

Wsa8815 Firmware by Qualcomm

Wsa8830 Firmware by Qualcomm

Wsa8835 Firmware by Qualcomm