Cyber Resilience

CVE-2025-59605

High

Published: 01 June 2026

Modified: 02 June 2026
KEV Added:
Patch:
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (2.0th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-59605 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Qualcomm Snapdragon G1 Gen 2 Gaming Platform Firmware. Its CVSS base score is 7.8 (High).

Operationally, it is ranked at the 2.0th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Memory Corruption when processing device identifier strings that exceed the expected maximum length.

CWE(s)

Related Threats

CVEs Like This One

CVE-2025-47373 (Same product: Qualcomm Ar8035)
CVE-2025-47346 (Same product: Qualcomm Ar8035)
CVE-2026-25259 (Same product: Qualcomm Fastconnect 6700)
CVE-2025-59603 (Same product: Qualcomm Fastconnect 6900)
CVE-2025-59604 (Same product: Qualcomm Ar8035)
CVE-2026-24085 (Same product: Qualcomm Ar8035)
CVE-2026-24091 (Same product: Qualcomm Ar8035)
CVE-2025-47392 (Same product: Qualcomm Ar8035)
CVE-2024-38420 (Same product: Qualcomm Ar8035)
CVE-2025-47386 (Same product: Qualcomm Ar8035)

Affected Assets

qualcomm: snapdragon g1 gen 2 gaming platform firmware (all versions)
qualcomm: ar8035 firmware (all versions)
qualcomm: csra6620 firmware (all versions)
qualcomm: csra6640 firmware (all versions)
qualcomm: fastconnect 6200 firmware (all versions)
qualcomm: fastconnect 6700 firmware (all versions)
qualcomm: fastconnect 6800 firmware (all versions)
qualcomm: fastconnect 6900 firmware (all versions)
qualcomm: fastconnect 7800 firmware (all versions)
qualcomm: g2 gen 1 firmware (all versions)
+130 more product configuration(s) — see NVD for full list

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-787

Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.

References