CVE-2025-27063

Q: What is the severity of CVE-2025-27063?

CVE-2025-27063 has a CVSS score of 7.8 (HIGH). This vulnerability allows memory corruption in Qualcomm video processing components when a video session fails to open due to timeout errors. Attackers could potentially execute arbitrary code or cause denial of service. This affects devices using vulnerable Qualcomm chipsets, primarily smartphones and embedded systems.

7.8 HIGH

📋 TL;DR

This vulnerability allows memory corruption in Qualcomm video processing components when a video session fails to open due to timeout errors. Attackers could potentially execute arbitrary code or cause denial of service. This affects devices using vulnerable Qualcomm chipsets, primarily smartphones and embedded systems.

💻 Affected Systems

Products:

Qualcomm chipsets with video processing capabilities

Versions: Specific versions not detailed in reference; check Qualcomm advisory for affected chipset models

Operating Systems: Android, Linux-based embedded systems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices using vulnerable Qualcomm video processing components; exact device models depend on chipset implementation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, data theft, or persistent backdoor installation.

🟠

Likely Case

Application crash or denial of service affecting video playback functionality.

🟢

If Mitigated

Limited impact with proper memory protection mechanisms and exploit mitigations in place.

🌐 Internet-Facing: MEDIUM - Requires user interaction with malicious video content but could be delivered via web or messaging apps.

🏢 Internal Only: LOW - Primarily affects client devices rather than internal infrastructure.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires triggering specific timeout conditions during video session initialization, which may require crafted video content.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Qualcomm security bulletin for specific chipset firmware versions

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2025-bulletin.html

Restart Required: Yes

Instructions:

1. Check Qualcomm advisory for affected chipset models. 2. Contact device manufacturer for firmware updates. 3. Apply firmware update following manufacturer instructions. 4. Reboot device after update.

🔧 Temporary Workarounds

Disable untrusted video sources

all

Restrict video playback to trusted applications and sources to reduce attack surface

Application sandboxing

all

Ensure video playback applications run with minimal privileges and proper sandboxing

🧯 If You Can't Patch

Implement application allowlisting to restrict which apps can play video content
Deploy memory protection technologies like ASLR and DEP if available

🔍 How to Verify

Check if Vulnerable:

Check device chipset model and firmware version against Qualcomm advisory

Check Version:

Device-specific commands vary; on Android: 'getprop ro.bootloader' or check Settings > About Phone

Verify Fix Applied:

Verify firmware version has been updated to patched version specified in advisory

📡 Detection & Monitoring

Log Indicators:

Video playback application crashes
Memory access violation errors in system logs
Video session timeout errors

Network Indicators:

Unusual video file downloads from untrusted sources
Multiple failed video playback attempts

SIEM Query:

Search for: 'video session timeout' OR 'memory corruption' OR 'video playback crash' in application/system logs

📊 Metadata

CVE ID: CVE-2025-27063

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-416

EPSS Score: 0.02% exploit probability (2.5th percentile)

Published: December 18, 2025

Last Updated: January 28, 2026

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2025-bulletin.html Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Csra6620 Firmware by Qualcomm

Csra6640 Firmware by Qualcomm

Fastconnect 6200 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6800 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Flight Rb5 5g Platform Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6688aq Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qcm2290 Firmware by Qualcomm

Qcm5430 Firmware by Qualcomm

Qcm6125 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcn9011 Firmware by Qualcomm

Qcn9012 Firmware by Qualcomm

Qcs2290 Firmware by Qualcomm

Qcs410 Firmware by Qualcomm

Qcs5430 Firmware by Qualcomm

Qcs610 Firmware by Qualcomm

Qcs6125 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qcs7230 Firmware by Qualcomm

Qcs8250 Firmware by Qualcomm

Qrb5165m Firmware by Qualcomm

Qrb5165n Firmware by Qualcomm

Qualcomm 215 Mobile Platform Firmware by Qualcomm

Robotics Rb2 Platform Firmware by Qualcomm

Robotics Rb5 Platform Firmware by Qualcomm

Sa4150p Firmware by Qualcomm

Sa4155p Firmware by Qualcomm

Sa6145p Firmware by Qualcomm

Sa6150p Firmware by Qualcomm

Sa6155p Firmware by Qualcomm

Sa8145p Firmware by Qualcomm

Sa8150p Firmware by Qualcomm

Sa8155p Firmware by Qualcomm

Sa8195p Firmware by Qualcomm

Sa8295p Firmware by Qualcomm

Sd660 Firmware by Qualcomm

Sd865 5g Firmware by Qualcomm

Sm7250p Firmware by Qualcomm

Sm7325p Firmware by Qualcomm

Snapdragon 4 Gen 1 Mobile Platform Firmware by Qualcomm

Snapdragon 4 Gen 2 Mobile Platform Firmware by Qualcomm

Snapdragon 460 Mobile Platform Firmware by Qualcomm

Snapdragon 480 5g Mobile Platform Firmware by Qualcomm

Snapdragon 480\+ 5g Mobile Platform \(sm4350 Ac\) Firmware by Qualcomm

Snapdragon 660 Mobile Platform Firmware by Qualcomm

Snapdragon 662 Mobile Platform Firmware by Qualcomm

Snapdragon 680 4g Mobile Platform Firmware by Qualcomm

Snapdragon 685 4g Mobile Platform \(sm6225 Ad\) Firmware by Qualcomm

Snapdragon 690 5g Mobile Platform Firmware by Qualcomm

Snapdragon 695 5g Mobile Platform Firmware by Qualcomm

Snapdragon 765 5g Mobile Platform \(sm7250 Aa\) Firmware by Qualcomm

Snapdragon 765g 5g Mobile Platform \(sm7250 Ab\) Firmware by Qualcomm

Snapdragon 768g 5g Mobile Platform \(sm7250 Ac\) Firmware by Qualcomm

Snapdragon 778g 5g Mobile Platform Firmware by Qualcomm

Snapdragon 778g\+ 5g Mobile Platform \(sm7325 Ae\) Firmware by Qualcomm

Snapdragon 782g Mobile Platform \(sm7325 Af\) Firmware by Qualcomm

Snapdragon 7c\+ Gen 3 Compute Firmware by Qualcomm

Snapdragon 865 5g Mobile Platform Firmware by Qualcomm

Snapdragon 865\+ 5g Mobile Platform \(sm8250 Ab\) Firmware by Qualcomm

Snapdragon 870 5g Mobile Platform \(sm8250 Ac\) Firmware by Qualcomm

Snapdragon 888 5g Mobile Platform Firmware by Qualcomm

Snapdragon 888\+ 5g Mobile Platform \(sm8350 Ac\) Firmware by Qualcomm

Snapdragon Ar1 Gen 1 Platform \"luna1\" Firmware by Qualcomm

Snapdragon Ar1 Gen 1 Platform Firmware by Qualcomm

Snapdragon Ar2 Gen 1 Platform Firmware by Qualcomm