Information Disclosure Vulnerability in VoLTE/VoWiFi IMS Call by Qualcomm
CVE-2024-53026

8.2HIGH

Key Information:

Vendor: Qualcomm
Status: Snapdragon
Vendor: CVE Published:; 3 June 2025

What is CVE-2024-53026?

An information disclosure vulnerability exists when an invalid RTCP packet is processed during a Voice over LTE (VoLTE) or Voice over Wi-Fi (VoWiFi) IMS call. This can potentially expose sensitive information during the communication process, enabling unauthorized access to certain data streams. Users may be at risk if they use affected Qualcomm IMS products without applying the necessary security patches.

Affected Version(s)

Snapdragon Snapdragon Auto APQ8017

Snapdragon Snapdragon Auto APQ8064AU

Snapdragon Snapdragon Auto AQT1000

References

https://docs.qualcomm.com/product/publicresources/securit...

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 3, 2025
Vulnerability Reserved
Nov 19, 2024