securityonline.info 9/2/2025, 3:45:24 AM · via preferred

Critical CVE-2025-21483 & CVE-2025-27034 in Qualcomm Modems Score CVSS 9.8

Critical CVE-2025-21483 & CVE-2025-27034 in Qualcomm Modems Score CVSS 9.8

QUALCOMM has published its September 2025 Security Bulletin, outlining dozens of fixes across chipsets, connectivity stacks and automotive platforms, including two critical flaws rated CVSS 9.8. The first, CVE-2025-21483, lies in the Data Network Stack & Connectivity components and is described as memory corruption when the UE reassembles NALUs after receiving an RTP packet from the network; it can be triggered remotely without authentication or user interaction.

The second, CVE-2025-27034, affects the Multi-Mode Call Processor and is described as memory corruption while selecting the PLMN from the SOR failed list; it is also remotely exploitable with the same CVSS rating. Impacted hardware includes Snapdragon X70/X72/X75 modem-RF systems, Snapdragon 8 Gen platforms and several QCM/QCS chipsets, with broader affected families including certain Snapdragon mobile platforms.

With both flaws presenting remote code execution risk, Qualcomm notes attackers could hijack calls, exfiltrate data or install persistent malware if updates are not applied; OEMs and end-users are urged to deploy firmware updates immediately according to Qualcomm.

View full article

Article by CyberSIXT