Information Disclosure Vulnerability in Qualcomm Products
CVE-2025-21431

5.5MEDIUM

Key Information:

Vendor: Qualcomm
Status: Snapdragon
Vendor: CVE Published:; 7 April 2025

Summary

An information disclosure vulnerability allows unauthorized access to sensitive data when a guest virtual machine (VM) interacts within the Qualcomm Virtualization Platform. This risk arises during the operation of guest VMs, potentially exposing confidential information to other virtual machines or malicious actors. Users of the affected products should ensure appropriate security measures are in place to mitigate this risk.

Affected Version(s)

Snapdragon Snapdragon Auto QAM8255P

Snapdragon Snapdragon Auto QAM8295P

Snapdragon Snapdragon Auto QAM8620P

References

https://docs.qualcomm.com/product/publicresources/securit...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 7, 2025
Vulnerability Reserved
Dec 18, 2024