Cyber Resilience

CVE-2021-32025

High

Published: 10 March 2022

Published
10 March 2022
Modified
22 August 2025
KEV Added
Patch
CVSS Score v3.1 8.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0003 10.6th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2021-32025 is a high-severity Context Switching Race Condition (CWE-368) vulnerability in Blackberry Qnx Momentics. Its CVSS base score is 8.1 (High).

Operationally, ranked at the 10.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions…

more

2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

blackberry
qnx momentics
6.3.0, 6.3.2
blackberry
qnx software development platform
6.4.0 — 7.0
blackberry
qnx os for medical
2.0.0 · 1.0 — 1.1.2
blackberry
qnx os for safety
1.0.0 — 1.0.3 · 2.0.0 — 2.0.2

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References