Cyber Resilience

CVE-2026-25276

High

Published: 01 June 2026

Published
01 June 2026
Modified
02 June 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0001 2.0th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-25276 is a high-severity Improper Validation of Array Index (CWE-129) vulnerability in Qualcomm Cq8750M Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 2.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Memory corruption while using Strongbox due to missing bounds check.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Memory corruption (CWE-129) directly enables local exploitation for privilege escalation via out-of-bounds access.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-49843Same product: Qualcomm Fastconnect 7800
CVE-2024-49832Same product: Qualcomm Fastconnect 6900
CVE-2024-49833Same product: Qualcomm Fastconnect 6700
CVE-2026-25277Same product: Qualcomm Cq8750M
CVE-2024-45582Same product: Qualcomm Fastconnect 6900
CVE-2024-49836Same product: Qualcomm Fastconnect 6900
CVE-2024-49834Same product: Qualcomm Fastconnect 6700
CVE-2024-53014Same product: Qualcomm Fastconnect 6700
CVE-2024-45550Same product: Qualcomm Fastconnect 6900
CVE-2025-47393Same product: Qualcomm Qca6797Aq

Affected Assets

qualcomm
cq8750m firmware
all versions
qualcomm
fastconnect 6700 firmware
all versions
qualcomm
fastconnect 6800 firmware
all versions
qualcomm
fastconnect 6900 firmware
all versions
qualcomm
fastconnect 7800 firmware
all versions
qualcomm
g3x gen 2 firmware
all versions
qualcomm
pandeiro firmware
all versions
qualcomm
qca6391 firmware
all versions
qualcomm
qca6698au firmware
all versions
qualcomm
qca6797aq firmware
all versions
+47 more product configuration(s) — see NVD for full list

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References