Cyber Resilience

CVE-2026-25258

High

Published: 01 June 2026

Published
01 June 2026
Modified
02 June 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0001 2.0th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-25258 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Qualcomm Cologne Firmware. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 2.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Memory corruption while processing IOCTL calls for escape operations.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1611 Escape to Host Privilege Escalation
Adversaries may break out of a container or virtualized environment to gain access to the underlying host.
Why these techniques?

Memory corruption in IOCTL escape handling directly enables local kernel exploitation for privilege escalation (T1068) or container/VM host escape (T1611).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-21382Same product: Qualcomm Cologne
CVE-2025-47356Same product: Qualcomm Cologne
CVE-2026-21380Same product: Qualcomm Cologne
CVE-2026-25259Same product: Qualcomm Cologne
CVE-2025-47343Same product: Qualcomm Cologne
CVE-2025-47358Same product: Qualcomm Fastconnect 6900
CVE-2025-47399Same product: Qualcomm Cologne
CVE-2025-59603Same product: Qualcomm Cologne
CVE-2025-47390Same product: Qualcomm Cologne
CVE-2024-45546Same product: Qualcomm Fastconnect 6900

Affected Assets

qualcomm
cologne firmware
all versions
qualcomm
fastconnect 6900 firmware
all versions
qualcomm
fastconnect 7800 firmware
all versions
qualcomm
iqx5121 firmware
all versions
qualcomm
iqx7181 firmware
all versions
qualcomm
qca0000 firmware
all versions
qualcomm
sc8380xp firmware
all versions
qualcomm
wcd9378c firmware
all versions
qualcomm
wcd9380 firmware
all versions
qualcomm
wcd9385 firmware
all versions
+11 more product configuration(s) — see NVD for full list

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References