CVE-2025-27046

7.8 HIGH

📋 TL;DR

This vulnerability involves memory corruption in Qualcomm components when processing multiple simultaneous escape calls, potentially allowing attackers to execute arbitrary code or cause denial of service. It affects devices using vulnerable Qualcomm chipsets, particularly mobile devices and embedded systems.

💻 Affected Systems

Products:
  • Qualcomm chipsets and devices using affected components
Versions: Specific versions not detailed in reference; check Qualcomm advisory for affected chipset versions
Operating Systems: Android, Linux-based systems using Qualcomm components
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with specific Qualcomm hardware components; exact models depend on chipset implementation

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, or persistent backdoor installation.

🟠 Likely Case

Application or system crash causing denial of service, potentially requiring device restart.

🟢 If Mitigated

Limited impact with proper memory protection mechanisms and exploit mitigations in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation is timing-dependent: it requires triggering a specific race condition with simultaneous escape calls.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Qualcomm security bulletin for specific chipset firmware versions

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2025-bulletin.html

Restart Required: Yes

Instructions:

1. Check Qualcomm advisory for affected chipset models
2. Obtain firmware updates from device manufacturer
3. Apply firmware update following manufacturer instructions
4. Reboot device to activate fixes

🔧 Temporary Workarounds

Disable vulnerable services

all

Identify and disable services using the affected Qualcomm escape call functionality if not required

Memory protection hardening

all

Enable ASLR, DEP, and other memory protection mechanisms to reduce exploit success

🧯 If You Can't Patch

  • Segment network to isolate vulnerable devices from untrusted networks
  • Implement strict access controls and monitoring for devices with vulnerable components

🔍 How to Verify

Check if Vulnerable:

Check device chipset model and firmware version against Qualcomm advisory

Check Version:

Device-specific commands vary; typically 'getprop ro.bootloader' or similar on Android devices

Verify Fix Applied:

Verify firmware version has been updated to patched version specified in advisory

📡 Detection & Monitoring

Log Indicators:

  • Multiple simultaneous escape call attempts
  • Memory corruption errors in system logs
  • Unexpected process crashes

Network Indicators:

  • Unusual network traffic to device management interfaces
  • Multiple rapid connection attempts to vulnerable services

SIEM Query:

Search for 'CWE-415' or 'memory corruption' events combined with Qualcomm component identifiers
