Cyber Resilience

CVE-2025-21459

High

Published: 06 May 2025

Modified: 11 August 2025
KEV Added: (not listed)
Patch: (no patch reference recorded)
CVSS Score (v3.1): 7.5, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score: 0.0045 (64.2nd percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-21459 is a high-severity Buffer Over-read (CWE-126) vulnerability in Qualcomm Ar8035 Firmware. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). EPSS ranks it in the top 35.8% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.

This vulnerability is flagged as AI-related by the automated classifier, categorised as Other Platforms, in the Protocol-Specific Risks risk domain.

EU & UK References

Vulnerability details

Transient denial of service (DoS) while parsing the per-STA profile in the Multi-Link (ML) information element (IE).

CWE(s)

CWE-126: Buffer Over-read
AI Security Analysis

AI Category: Other Platforms
Risk Domain: Protocol-Specific Risks
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: ml

Related Threats

MITRE ATT&CK Enterprise Techniques

T1499.004 Application or System Exploitation (Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The vulnerability causes a transient denial of service while the affected Wi-Fi firmware parses the per-STA profile in the Multi-Link IE; a crash of that component denies availability to users, which is endpoint DoS via application or system exploitation.

Affected Assets

Vendor | Product | Versions
qualcomm | ar8035 firmware | all versions
qualcomm | fastconnect 6700 firmware | all versions
qualcomm | fastconnect 6900 firmware | all versions
qualcomm | fastconnect 7800 firmware | all versions
qualcomm | flight rb5 5g firmware | all versions
qualcomm | qam8255p firmware | all versions
qualcomm | qam8295p firmware | all versions
qualcomm | qam8620p firmware | all versions
qualcomm | qam8650p firmware | all versions
qualcomm | qam8775p firmware | all versions
+114 more product configuration(s) — see NVD for full list

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References