CVE-2026-25276
High
Published: 01 June 2026
Published
01 June 2026
Modified
02 June 2026
KEV Added
—
Patch
—
CVSS Score v3.1
8.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.0001
2.0th percentile
Risk Priority
18
60% EPSS · 20% KEV · 20% CVSS
Summary
CVE-2026-25276 is a high-severity Improper Validation of Array Index (CWE-129) vulnerability in Qualcomm Cq8750M Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 2.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-33826
Vulnerability details
Memory corruption while using Strongbox due to missing bounds check.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?
Memory corruption (CWE-129) directly enables local exploitation for privilege escalation via out-of-bounds access.
Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1
CVEs Like This One
CVE-2024-49843Same product: Qualcomm Fastconnect 7800
CVE-2024-49832Same product: Qualcomm Fastconnect 6900
CVE-2024-49833Same product: Qualcomm Fastconnect 6700
CVE-2026-25277Same product: Qualcomm Cq8750M
CVE-2024-45582Same product: Qualcomm Fastconnect 6900
CVE-2024-49836Same product: Qualcomm Fastconnect 6900
CVE-2024-49834Same product: Qualcomm Fastconnect 6700
CVE-2024-53014Same product: Qualcomm Fastconnect 6700
CVE-2024-45550Same product: Qualcomm Fastconnect 6900
CVE-2025-47393Same product: Qualcomm Qca6797Aq
Affected Assets
qualcomm
cq8750m firmware
all versions
qualcomm
fastconnect 6700 firmware
all versions
qualcomm
fastconnect 6800 firmware
all versions
qualcomm
fastconnect 6900 firmware
all versions
qualcomm
fastconnect 7800 firmware
all versions
qualcomm
g3x gen 2 firmware
all versions
qualcomm
pandeiro firmware
all versions
qualcomm
qca6391 firmware
all versions
qualcomm
qca6698au firmware
all versions
qualcomm
qca6797aq firmware
all versions
+47 more product configuration(s) — see NVD for full list
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.