CVE-2025-27074

Q: What is the severity of CVE-2025-27074?

CVE-2025-27074 has a CVSS score of 8.8 (HIGH). This vulnerability involves memory corruption while processing a GP command response in Qualcomm components, potentially allowing attackers to execute arbitrary code or cause denial of service. It affects devices using vulnerable Qualcomm chipsets, primarily mobile devices and IoT products.

8.8 HIGH

📋 TL;DR

This vulnerability involves memory corruption while processing a GP command response in Qualcomm components, potentially allowing attackers to execute arbitrary code or cause denial of service. It affects devices using vulnerable Qualcomm chipsets, primarily mobile devices and IoT products.

💻 Affected Systems

Products:

Qualcomm chipsets with GP command processing functionality

Versions: Specific versions not detailed in reference; check Qualcomm advisory

Operating Systems: Android, Linux-based systems using Qualcomm components

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with Qualcomm chipsets that process GP commands; exact models require checking Qualcomm's bulletin

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, data theft, or persistent backdoor installation

🟠

Likely Case

Device crash or denial of service requiring reboot

🟢

If Mitigated

Limited impact with proper memory protections and exploit mitigations in place

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires sending malicious GP command responses; complexity depends on memory layout and protections

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Qualcomm November 2025 security bulletin for specific patches

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2025-bulletin.html

Restart Required: Yes

Instructions:

1. Check Qualcomm advisory for affected chipset models. 2. Obtain firmware updates from device manufacturer. 3. Apply updates following manufacturer instructions. 4. Reboot device.

🔧 Temporary Workarounds

Disable unnecessary GP command processing

all

Limit exposure by disabling non-essential GP command handlers if supported

Device-specific; consult manufacturer documentation

🧯 If You Can't Patch

Isolate affected devices on segmented networks to limit attack surface
Implement strict network filtering to block unauthorized GP command traffic

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against Qualcomm's patched versions in the advisory

Check Version:

Device-specific; typically 'cat /proc/version' or manufacturer settings menu

Verify Fix Applied:

Confirm firmware version matches or exceeds patched version listed in Qualcomm bulletin

📡 Detection & Monitoring

Log Indicators:

Unexpected crashes or reboots in system logs
Memory corruption errors in kernel logs

Network Indicators:

Unusual GP command traffic patterns
Anomalous network requests to Qualcomm services

SIEM Query:

Device logs showing process crashes with Qualcomm component signatures

📊 Metadata

CVE ID: CVE-2025-27074

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE: CWE-131

EPSS Score: 0.02% exploit probability (3.5th percentile)

Published: November 4, 2025

Last Updated: November 5, 2025

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2025-bulletin.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Apq8064au Firmware by Qualcomm

Csr8811 Firmware by Qualcomm

Immersive Home 214 Platform Firmware by Qualcomm

Immersive Home 216 Platform Firmware by Qualcomm

Immersive Home 316 Platform Firmware by Qualcomm

Immersive Home 318 Platform Firmware by Qualcomm

Ipq5010 Firmware by Qualcomm

Ipq5028 Firmware by Qualcomm

Ipq8070 Firmware by Qualcomm

Ipq8070a Firmware by Qualcomm

Ipq8071 Firmware by Qualcomm

Ipq8071a Firmware by Qualcomm

Ipq8072 Firmware by Qualcomm

Ipq8072a Firmware by Qualcomm

Ipq8074 Firmware by Qualcomm

Ipq8074a Firmware by Qualcomm

Ipq8076 Firmware by Qualcomm

Ipq8076a Firmware by Qualcomm

Ipq8078 Firmware by Qualcomm

Ipq8078a Firmware by Qualcomm

Ipq8173 Firmware by Qualcomm

Ipq8174 Firmware by Qualcomm

Ipq9008 Firmware by Qualcomm

Ipq9574 Firmware by Qualcomm

Mdm9640 Firmware by Qualcomm

Mdm9650 Firmware by Qualcomm

Msm8996au Firmware by Qualcomm

Pmp8074 Firmware by Qualcomm

Qca4024 Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6234 Firmware by Qualcomm

Qca6310 Firmware by Qualcomm

Qca6320 Firmware by Qualcomm

Qca6428 Firmware by Qualcomm

Qca6438 Firmware by Qualcomm

Qca6564a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6694 Firmware by Qualcomm

Qca8072 Firmware by Qualcomm

Qca8075 Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca9888 Firmware by Qualcomm

Qca9889 Firmware by Qualcomm

Qca9984 Firmware by Qualcomm

Qcn5022 Firmware by Qualcomm

Qcn5024 Firmware by Qualcomm

Qcn5052 Firmware by Qualcomm

Qcn5054 Firmware by Qualcomm

Qcn5064 Firmware by Qualcomm

Qcn5122 Firmware by Qualcomm

Qcn5124 Firmware by Qualcomm

Qcn5152 Firmware by Qualcomm

Qcn5154 Firmware by Qualcomm

Qcn5164 Firmware by Qualcomm

Qcn5550 Firmware by Qualcomm

Qcn6023 Firmware by Qualcomm

Qcn6024 Firmware by Qualcomm

Qcn6100 Firmware by Qualcomm

Qcn6102 Firmware by Qualcomm

Qcn6112 Firmware by Qualcomm

Qcn6122 Firmware by Qualcomm

Qcn6132 Firmware by Qualcomm

Qcn9000 Firmware by Qualcomm

Qcn9001 Firmware by Qualcomm

Qcn9002 Firmware by Qualcomm

Qcn9003 Firmware by Qualcomm

Qcn9012 Firmware by Qualcomm

Qcn9022 Firmware by Qualcomm

Qcn9024 Firmware by Qualcomm

Qcn9070 Firmware by Qualcomm

Qcn9072 Firmware by Qualcomm

Qcn9074 Firmware by Qualcomm

Qcn9100 Firmware by Qualcomm