CVE-2025-59609— Buffer Over-read in WLAN Host Communication
Possible ATT&CK Techniques 1AI
T1213 · Data from Information RepositoriesAffected Version Matrix 190
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon | AR8035 | affected |
CSR8811 | affected | ||
CSRA6620 | affected | ||
CSRA6640 | affected | ||
FastConnect 6700 | affected | ||
FastConnect 6900 | affected | ||
FastConnect 7800 | affected | ||
Flight RB5 5G Platform | affected | ||
| … +182 more rows | |||
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-59609
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Buffer Over-read in WLAN Host Communication
Source: NVD (National Vulnerability Database)
Vulnerability Description
Information Disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
缓冲区上溢读取
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Qualcomm, Inc. | Snapdragon | AR8035 | - |
II. Public POCs for CVE-2025-59609
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-59609
请登录查看更多情报信息。
Same Patch Batch · Qualcomm, Inc. · 2026-06-01 · 22 CVEs total
| CVE-2026-25276 | 8.8 HIGH | Improper Validation of Array Index in Secure Processor |
| CVE-2026-25277 | 8.8 HIGH | Buffer Copy Without Checking Size of Input in Secure Processor |
| CVE-2026-24088 | 8.2 HIGH | Missing Authentication for Critical Function in Boot |
| CVE-2026-25260 | 7.8 HIGH | Time-of-check Time-of-use (TOCTOU) Race Condition in DSP Service |
| CVE-2026-25259 | 7.8 HIGH | Out-of-bounds Write in DSP Service |
| CVE-2026-25258 | 7.8 HIGH | Out-of-bounds Read in DSP Service |
| CVE-2025-59604 | 7.8 HIGH | NULL Pointer Dereference in SPS Applications |
| CVE-2025-59605 | 7.8 HIGH | Out-of-bounds Write in HLOS |
| CVE-2025-59606 | 7.8 HIGH | NULL Pointer Dereference in HLOS |
| CVE-2026-24087 | 7.2 HIGH | Improper Validation of Syntactic Correctness of Input in Kernel |
| CVE-2026-24085 | 7.2 HIGH | Stack-based Buffer Overflow in Display |
| CVE-2026-24089 | 7.2 HIGH | Improper Validation of Syntactic Correctness of Input in Kernel |
| CVE-2026-24091 | 7.2 HIGH | Improper Validation of Syntactic Correctness of Input in Display |
| CVE-2026-24092 | 7.2 HIGH | Improper Validation of Syntactic Correctness of Input in Display |
| CVE-2026-24090 | 7.1 HIGH | Missing Authentication for Critical Function in HLOS |
| CVE-2025-59614 | 6.7 MEDIUM | Out-of-bounds Write in Windows Compute |
| CVE-2025-59613 | 6.7 MEDIUM | Stack-based Buffer Overflow in Windows Compute |
| CVE-2025-59612 | 6.7 MEDIUM | Stack-based Buffer Overflow in Windows Compute |
| CVE-2025-59611 | 6.7 MEDIUM | Out-of-bounds Write in Core Services |
| CVE-2025-59601 | 6.5 MEDIUM | Exposure of Sensitive Information Through Metadata in Powerline Communication Firmware |
Showing top 20 of 22 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Snapdragon
- CVE-2026-25277
Buffer Copy Without Checking Size of Input in Secure Process - CVE-2026-25276
Improper Validation of Array Index in Secure Processor - CVE-2026-25260
Time-of-check Time-of-use (TOCTOU) Race Condition in DSP Ser - CVE-2026-25259
Out-of-bounds Write in DSP Service - CVE-2026-25258
Out-of-bounds Read in DSP Service
Same vendor: Qualcomm, Inc.
- CVE-2026-25277
Buffer Copy Without Checking Size of Input in Secure Process - CVE-2026-25276
Improper Validation of Array Index in Secure Processor - CVE-2026-25260
Time-of-check Time-of-use (TOCTOU) Race Condition in DSP Ser - CVE-2026-25259
Out-of-bounds Write in DSP Service - CVE-2026-25258
Out-of-bounds Read in DSP Service
Same weakness: CWE-126
- CVE-2026-45684
OpenTelemetry eBPF Instrumentation: Log enricher writev path - CVE-2026-6575
PostgreSQL pg_restore_attribute_stats accepts values that ca - CVE-2026-8463
Crypt::Argon2 versions from 0.017 before 0.031 for Perl perf - CVE-2025-47406
Buffer Over-read in DSP Service - CVE-2025-47403
Buffer Over-read in WLAN Firmware
V. Comments for CVE-2025-59609
No comments yet