CVE-2025-59605
Severity: High
Published: 01 June 2026
Modified: 02 June 2026
KEV Added: —
Patch: —
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (2.0th percentile)
Risk Priority: 16 (weighting: 60% EPSS · 20% KEV · 20% CVSS)
Summary
CVE-2025-59605 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Qualcomm Snapdragon G1 Gen 2 Gaming Platform Firmware. Its CVSS base score is 7.8 (High).
Operationally, it is ranked at the 2.0th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-210020
Vulnerability details
Memory Corruption when processing device identifier strings that exceed the expected maximum length.
- CWE(s): CWE-787 (Out-of-bounds Write)
Related Threats
CVEs Like This One
- CVE-2025-47373 (Same product: Qualcomm Ar8035)
- CVE-2025-47346 (Same product: Qualcomm Ar8035)
- CVE-2026-25259 (Same product: Qualcomm Fastconnect 6700)
- CVE-2025-59603 (Same product: Qualcomm Fastconnect 6900)
- CVE-2025-59604 (Same product: Qualcomm Ar8035)
- CVE-2026-24085 (Same product: Qualcomm Ar8035)
- CVE-2026-24091 (Same product: Qualcomm Ar8035)
- CVE-2025-47392 (Same product: Qualcomm Ar8035)
- CVE-2024-38420 (Same product: Qualcomm Ar8035)
- CVE-2025-47386 (Same product: Qualcomm Ar8035)
Affected Assets
- qualcomm: snapdragon g1 gen 2 gaming platform firmware (all versions)
- qualcomm: ar8035 firmware (all versions)
- qualcomm: csra6620 firmware (all versions)
- qualcomm: csra6640 firmware (all versions)
- qualcomm: fastconnect 6200 firmware (all versions)
- qualcomm: fastconnect 6700 firmware (all versions)
- qualcomm: fastconnect 6800 firmware (all versions)
- qualcomm: fastconnect 6900 firmware (all versions)
- qualcomm: fastconnect 7800 firmware (all versions)
- qualcomm: g2 gen 1 firmware (all versions)
+130 more product configuration(s) — see NVD for full list
Mitigating Controls
Likely Mitigating Controls (AI)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
addresses: CWE-787
Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.