CVE-2025-59611— Out-of-bounds Write in Core Services
Possible ATT&CK Techniques 2AI
T1059 · Command and Scripting Interpreter T1203 · Exploitation for Client ExecutionGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-59611
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Out-of-bounds Write in Core Services
Source: NVD (National Vulnerability Database)
Vulnerability Description
Memory corruption in diagnostic services due to absence of input validation
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨界内存写
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Qualcomm, Inc. | Snapdragon | AQT1000 | - |
II. Public POCs for CVE-2025-59611
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-59611
请登录查看更多情报信息。
Same Patch Batch · Qualcomm, Inc. · 2026-06-01 · 22 CVEs total
| CVE-2026-25276 | 8.8 HIGH | Improper Validation of Array Index in Secure Processor |
| CVE-2026-25277 | 8.8 HIGH | Buffer Copy Without Checking Size of Input in Secure Processor |
| CVE-2026-24088 | 8.2 HIGH | Missing Authentication for Critical Function in Boot |
| CVE-2026-25260 | 7.8 HIGH | Time-of-check Time-of-use (TOCTOU) Race Condition in DSP Service |
| CVE-2026-25259 | 7.8 HIGH | Out-of-bounds Write in DSP Service |
| CVE-2026-25258 | 7.8 HIGH | Out-of-bounds Read in DSP Service |
| CVE-2025-59604 | 7.8 HIGH | NULL Pointer Dereference in SPS Applications |
| CVE-2025-59605 | 7.8 HIGH | Out-of-bounds Write in HLOS |
| CVE-2025-59606 | 7.8 HIGH | NULL Pointer Dereference in HLOS |
| CVE-2026-24087 | 7.2 HIGH | Improper Validation of Syntactic Correctness of Input in Kernel |
| CVE-2026-24085 | 7.2 HIGH | Stack-based Buffer Overflow in Display |
| CVE-2026-24089 | 7.2 HIGH | Improper Validation of Syntactic Correctness of Input in Kernel |
| CVE-2026-24091 | 7.2 HIGH | Improper Validation of Syntactic Correctness of Input in Display |
| CVE-2026-24092 | 7.2 HIGH | Improper Validation of Syntactic Correctness of Input in Display |
| CVE-2026-24090 | 7.1 HIGH | Missing Authentication for Critical Function in HLOS |
| CVE-2025-59614 | 6.7 MEDIUM | Out-of-bounds Write in Windows Compute |
| CVE-2025-59613 | 6.7 MEDIUM | Stack-based Buffer Overflow in Windows Compute |
| CVE-2025-59612 | 6.7 MEDIUM | Stack-based Buffer Overflow in Windows Compute |
| CVE-2025-59601 | 6.5 MEDIUM | Exposure of Sensitive Information Through Metadata in Powerline Communication Firmware |
| CVE-2025-59610 | 6.4 MEDIUM | Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Driver |
Showing top 20 of 22 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Snapdragon
- CVE-2026-25277
Buffer Copy Without Checking Size of Input in Secure Process - CVE-2026-25276
Improper Validation of Array Index in Secure Processor - CVE-2026-25260
Time-of-check Time-of-use (TOCTOU) Race Condition in DSP Ser - CVE-2026-25259
Out-of-bounds Write in DSP Service - CVE-2026-25258
Out-of-bounds Read in DSP Service
Same vendor: Qualcomm, Inc.
- CVE-2026-25277
Buffer Copy Without Checking Size of Input in Secure Process - CVE-2026-25276
Improper Validation of Array Index in Secure Processor - CVE-2026-25260
Time-of-check Time-of-use (TOCTOU) Race Condition in DSP Ser - CVE-2026-25259
Out-of-bounds Write in DSP Service - CVE-2026-25258
Out-of-bounds Read in DSP Service
V. Comments for CVE-2025-59611
No comments yet