CVE-2025-27071 - Vulnerability Details - OpenCVE

Memory corruption while processing specific files in Powerline Communication Firmware.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Qualcomm	Snapdragon

No data.

No data.

References

Link	Providers
https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2025-bulletin.html

History

Tue, 12 Aug 2025 12:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Qualcomm Qualcomm snapdragon
Vendors & Products		Qualcomm Qualcomm snapdragon

Wed, 06 Aug 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 06 Aug 2025 07:45:00 +0000

Type	Values Removed	Values Added
Description		Memory corruption while processing specific files in Powerline Communication Firmware.
Title		Buffer Copy Without Checking Size of Input in Powerline Communication Firmware
Weaknesses		CWE-120
References		https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2025-bulletin.html
Metrics		cvssV3_1 `{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}`

MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2025-08-06T07:26:07.500Z

Updated: 2025-08-06T13:35:05.577Z

Reserved: 2025-02-18T09:19:46.888Z

Link: CVE-2025-27071

Vulnrichment

Updated: 2025-08-06T13:35:00.746Z

NVD

Status : Awaiting Analysis

Published: 2025-08-06T08:15:29.830

Modified: 2025-08-06T20:23:37.600

Link: CVE-2025-27071

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-27071", "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "state": "PUBLISHED", "assignerShortName": "qualcomm", "dateReserved": "2025-02-18T09:19:46.888Z", "datePublished": "2025-08-06T07:26:07.500Z", "dateUpdated": "2025-08-06T13:35:05.577Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Snapdragon Compute", "Snapdragon Mobile", "Snapdragon Wearables"], "product": "Snapdragon", "vendor": "Qualcomm, Inc.", "versions": [{"status": "affected", "version": "FastConnect 6800"}, {"status": "affected", "version": "FastConnect 6900"}, {"status": "affected", "version": "FastConnect 7800"}, {"status": "affected", "version": "QCA6391"}, {"status": "affected", "version": "QCA6426"}, {"status": "affected", "version": "QCA6436"}, {"status": "affected", "version": "QSM8250"}, {"status": "affected", "version": "SD865 5G"}, {"status": "affected", "version": "SDM429W"}, {"status": "affected", "version": "SDX55"}, {"status": "affected", "version": "Snapdragon 429 Mobile Platform"}, {"status": "affected", "version": "Snapdragon 8 Gen 1 Mobile Platform"}, {"status": "affected", "version": "Snapdragon 865 5G Mobile Platform"}, {"status": "affected", "version": "Snapdragon 865+ 5G Mobile Platform (SM8250-AB)"}, {"status": "affected", "version": "Snapdragon 870 5G Mobile Platform (SM8250-AC)"}, {"status": "affected", "version": "Snapdragon W5+ Gen 1 Wearable Platform"}, {"status": "affected", "version": "Snapdragon X55 5G Modem-RF System"}, {"status": "affected", "version": "Snapdragon XR2 5G Platform"}, {"status": "affected", "version": "SW5100"}, {"status": "affected", "version": "SW5100P"}, {"status": "affected", "version": "SXR2130"}, {"status": "affected", "version": "SXR2230P"}, {"status": "affected", "version": "SXR2250P"}, {"status": "affected", "version": "WCD9380"}, {"status": "affected", "version": "WCD9385"}, {"status": "affected", "version": "WCN3620"}, {"status": "affected", "version": "WCN3660B"}, {"status": "affected", "version": "WCN3980"}, {"status": "affected", "version": "WCN3988"}, {"status": "affected", "version": "WSA8810"}, {"status": "affected", "version": "WSA8815"}, {"status": "affected", "version": "WSA8830"}, {"status": "affected", "version": "WSA8832"}, {"status": "affected", "version": "WSA8835"}]}], "descriptions": [{"lang": "en", "value": "Memory corruption while processing specific files in Powerline Communication Firmware."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "description": "CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm", "dateUpdated": "2025-08-06T07:26:07.500Z"}, "references": [{"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2025-bulletin.html"}], "title": "Buffer Copy Without Checking Size of Input in Powerline Communication Firmware"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-06T13:34:56.757541Z", "id": "CVE-2025-27071", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-06T13:35:05.577Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-27071", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-06T13:34:56.757541Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-06T13:35:00.746Z"}}], "cna": {"title": "Buffer Copy Without Checking Size of Input in Powerline Communication Firmware", "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Qualcomm, Inc.", "product": "Snapdragon", "versions": [{"status": "affected", "version": "FastConnect 6800"}, {"status": "affected", "version": "FastConnect 6900"}, {"status": "affected", "version": "FastConnect 7800"}, {"status": "affected", "version": "QCA6391"}, {"status": "affected", "version": "QCA6426"}, {"status": "affected", "version": "QCA6436"}, {"status": "affected", "version": "QSM8250"}, {"status": "affected", "version": "SD865 5G"}, {"status": "affected", "version": "SDM429W"}, {"status": "affected", "version": "SDX55"}, {"status": "affected", "version": "Snapdragon 429 Mobile Platform"}, {"status": "affected", "version": "Snapdragon 8 Gen 1 Mobile Platform"}, {"status": "affected", "version": "Snapdragon 865 5G Mobile Platform"}, {"status": "affected", "version": "Snapdragon 865+ 5G Mobile Platform (SM8250-AB)"}, {"status": "affected", "version": "Snapdragon 870 5G Mobile Platform (SM8250-AC)"}, {"status": "affected", "version": "Snapdragon W5+ Gen 1 Wearable Platform"}, {"status": "affected", "version": "Snapdragon X55 5G Modem-RF System"}, {"status": "affected", "version": "Snapdragon XR2 5G Platform"}, {"status": "affected", "version": "SW5100"}, {"status": "affected", "version": "SW5100P"}, {"status": "affected", "version": "SXR2130"}, {"status": "affected", "version": "SXR2230P"}, {"status": "affected", "version": "SXR2250P"}, {"status": "affected", "version": "WCD9380"}, {"status": "affected", "version": "WCD9385"}, {"status": "affected", "version": "WCN3620"}, {"status": "affected", "version": "WCN3660B"}, {"status": "affected", "version": "WCN3980"}, {"status": "affected", "version": "WCN3988"}, {"status": "affected", "version": "WSA8810"}, {"status": "affected", "version": "WSA8815"}, {"status": "affected", "version": "WSA8830"}, {"status": "affected", "version": "WSA8832"}, {"status": "affected", "version": "WSA8835"}], "platforms": ["Snapdragon Compute", "Snapdragon Mobile", "Snapdragon Wearables"], "defaultStatus": "unaffected"}], "references": [{"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2025-bulletin.html"}], "descriptions": [{"lang": "en", "value": "Memory corruption while processing specific files in Powerline Communication Firmware."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')"}]}], "providerMetadata": {"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm", "dateUpdated": "2025-08-06T07:26:07.500Z"}}}, "cveMetadata": {"cveId": "CVE-2025-27071", "state": "PUBLISHED", "dateUpdated": "2025-08-06T13:35:05.577Z", "dateReserved": "2025-02-18T09:19:46.888Z", "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "datePublished": "2025-08-06T07:26:07.500Z", "assignerShortName": "qualcomm"}, "dataVersion": "5.1"}