Cyber Resilience

CVE-2026-25277

High

Published: 01 June 2026
Modified: 02 June 2026
KEV Added
Patch
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0001 (2.0th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-25277 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Qualcomm Cq8750M Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 2.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Vulnerability details

Memory corruption while using Strongbox due to buffer overflow.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.

Why these techniques?

Buffer overflow (CWE-120) enables memory corruption exploitation for privilege escalation or client-side code execution.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-25276 (same product: Qualcomm Cq8750M)
CVE-2025-47394 (same product: Qualcomm Fastconnect 6700)
CVE-2025-47388 (same product: Qualcomm Fastconnect 6700)
CVE-2024-21464 (same product: Qualcomm Fastconnect 6700)
CVE-2025-47389 (same product: Qualcomm Fastconnect 6700)
CVE-2024-45541 (same product: Qualcomm Fastconnect 6700)
CVE-2024-45547 (same product: Qualcomm Fastconnect 6900)
CVE-2024-43055 (same product: Qualcomm Fastconnect 6900)
CVE-2026-21382 (same product: Qualcomm Fastconnect 6900)
CVE-2025-47399 (same product: Qualcomm Fastconnect 7800)

Affected Assets

qualcomm cq8750m firmware: all versions
qualcomm fastconnect 6700 firmware: all versions
qualcomm fastconnect 6800 firmware: all versions
qualcomm fastconnect 6900 firmware: all versions
qualcomm fastconnect 7800 firmware: all versions
qualcomm g3x gen 2 firmware: all versions
qualcomm pandeiro firmware: all versions
qualcomm qca6391 firmware: all versions
qualcomm qca6698au firmware: all versions
qualcomm qca6797aq firmware: all versions
+47 more product configuration(s) — see NVD for full list

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-120

Platform-independent managed code eliminates the need for unchecked native buffer copies that are the root cause of classic buffer overflows.
