CVE-2025-21429
High
Published: 07 April 2025
Modified: 10 February 2026
KEV Added: —
Patch: —
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0069 (72.3th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)
Summary
CVE-2025-21429 is a high-severity Buffer Over-read (CWE-126) vulnerability in Qualcomm Sa9000P Firmware. Its CVSS base score is 7.5 (High).
Operationally, it is ranked in the top 27.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-10001
Vulnerability details
Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
- qualcomm, sa9000p firmware, all versions
- qualcomm, sd626 firmware, all versions
- qualcomm, sd660 firmware, all versions
- qualcomm, sd670 firmware, all versions
- qualcomm, sd730 firmware, all versions
- qualcomm, sd855 firmware, all versions
- qualcomm, sd865 5g firmware, all versions
- qualcomm, sdm429w firmware, all versions
- qualcomm, sdx55 firmware, all versions
- qualcomm, sdx61 firmware, all versions
+172 more product configuration(s) — see NVD for full list
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.