CVE-2025-59612 - Vulnerability Details

- Stack-based Buffer Overflow in Windows Compute

Description

Memory corruption in windows drivers while sending incorrect trusted application request

Published: 2026-06-01

Score: 6.7 Medium

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

A vulnerability that causes a stack-based buffer overflow in Qualcomm Snapdragon Windows drivers when they process an incorrect trusted application request. The flaw can corrupt memory, potentially allowing an attacker to execute arbitrary code or trigger a denial of service. This weakness is classified as CWE‑121 and poses a risk of privilege escalation on affected systems.

Affected Systems

Qualcomm Snapdragon devices running the Windows interface are potentially affected. Specific driver versions are not disclosed, so all Qualcomm Snapdragon Windows drivers that implement the trusted application request handling remain vulnerable until a vendor fix is released. Additional details would be available in updated vendor release notes.

Risk and Exploitability

The CVSS score of 6.7 indicates moderate severity. The EPSS score is not available and the vulnerability is not listed in CISA’s KEV catalog. Based on the description, the likely attack vector is local, where a user or process can forge an incorrect trusted application request to the driver. Without a publicly known exploit, the precise risk is uncertain; however, the memory corruption could be leveraged to elevate privileges if local code execution is achieved.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Qualcomm, Inc.

Snapdragon

unaffected

Version	Status	Constraints
`Cologne`	affected	—
`FastConnect 6700`	affected	—
`FastConnect 6900`	affected	—
`FastConnect 7800`	affected	—
`QCA0000`	affected	—
`QCM5430`	affected	—
`QCM6490`	affected	—
`Qualcomm Video Collaboration VC3 Platform`	affected	—
`SC8380XP`	affected	—
`Snapdragon 7c+ Gen 3 Compute`	affected	—
`Snapdragon 8cx Gen 3 Compute Platform`	affected	—
`WCD9370`	affected	—
`WCD9375`	affected	—
`WCD9378C`	affected	—
`WCD9380`	affected	—
`WCD9385`	affected	—
`WSA8830`	affected	—
`WSA8835`	affected	—
`WSA8840`	affected	—
`WSA8845`	affected	—
`WSA8845H`	affected	—
`X2000077`	affected	—
`X2000086`	affected	—
`X2000090`	affected	—
`X2000092`	affected	—
`X2000094`	affected	—
`XG101002`	affected	—
`XG101032`	affected	—
`XG101039`	affected	—

No data.

Vendor Product Confidence Versions

Qualcomm

Snapdragon

95%

Version	Status	Scheme	Platform
`Cologne`	affected	generic	['snapdragon_compute', 'snapdragon_industrial_iot']
`FastConnect 6700`	affected	generic	['snapdragon_compute', 'snapdragon_industrial_iot']
`FastConnect 6900`	affected	generic	['snapdragon_compute', 'snapdragon_industrial_iot']
`FastConnect 7800`	affected	generic	['snapdragon_compute', 'snapdragon_industrial_iot']
`QCA0000`	affected	generic	['snapdragon_compute', 'snapdragon_industrial_iot']
`QCM5430`	affected	generic	['snapdragon_compute', 'snapdragon_industrial_iot']
`QCM6490`	affected	generic	['snapdragon_compute', 'snapdragon_industrial_iot']
`Qualcomm Video Collaboration VC3 Platform`	affected	generic	['snapdragon_compute', 'snapdragon_industrial_iot']
`SC8380XP`	affected	generic	['snapdragon_compute', 'snapdragon_industrial_iot']
`Snapdragon 7c+ Gen 3 Compute`	affected	generic	['snapdragon_compute', 'snapdragon_industrial_iot']
`Snapdragon 8cx Gen 3 Compute Platform`	affected	generic	['snapdragon_compute', 'snapdragon_industrial_iot']
`WCD9370`	affected	generic	['snapdragon_compute', 'snapdragon_industrial_iot']
`WCD9375`	affected	generic	['snapdragon_compute', 'snapdragon_industrial_iot']
`WCD9378C`	affected	generic	['snapdragon_compute', 'snapdragon_industrial_iot']
`WCD9380`	affected	generic	['snapdragon_compute', 'snapdragon_industrial_iot']
`WCD9385`	affected	generic	['snapdragon_compute', 'snapdragon_industrial_iot']
`WSA8830`	affected	generic	['snapdragon_compute', 'snapdragon_industrial_iot']
`WSA8835`	affected	generic	['snapdragon_compute', 'snapdragon_industrial_iot']
`WSA8840`	affected	generic	['snapdragon_compute', 'snapdragon_industrial_iot']
`WSA8845`	affected	generic	['snapdragon_compute', 'snapdragon_industrial_iot']
`WSA8845H`	affected	generic	['snapdragon_compute', 'snapdragon_industrial_iot']
`X2000077`	affected	generic	['snapdragon_compute', 'snapdragon_industrial_iot']
`X2000086`	affected	generic	['snapdragon_compute', 'snapdragon_industrial_iot']
`X2000090`	affected	generic	['snapdragon_compute', 'snapdragon_industrial_iot']
`X2000092`	affected	generic	['snapdragon_compute', 'snapdragon_industrial_iot']
`X2000094`	affected	generic	['snapdragon_compute', 'snapdragon_industrial_iot']
`XG101002`	affected	generic	['snapdragon_compute', 'snapdragon_industrial_iot']
`XG101032`	affected	generic	['snapdragon_compute', 'snapdragon_industrial_iot']
`XG101039`	affected	generic	['snapdragon_compute', 'snapdragon_industrial_iot']

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Verify that Qualcomm Snapdragon drivers are installed and check for updates on Qualcomm’s website.
Apply any released patch or newer driver version that addresses the buffer overflow.
If an update is unavailable, restrict or disable the vulnerable driver interface and isolate the device to limit local code execution.

Generated by OpenCVE AI on June 1, 2026 at 23:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2026-bulletin.html

History

Tue, 02 Jun 2026 02:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Qualcomm Qualcomm snapdragon
Vendors & Products		Qualcomm Qualcomm snapdragon

Mon, 01 Jun 2026 22:30:00 +0000

Type	Values Removed	Values Added
Description		Memory corruption in windows drivers while sending incorrect trusted application request
Title		Stack-based Buffer Overflow in Windows Compute
Weaknesses		CWE-121
References		https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2026-bulletin.html
Metrics		cvssV3_1 `{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}`

Subscriptions

Qualcomm Snapdragon

MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2026-06-01T22:05:31.596Z

Updated: 2026-06-02T03:55:59.297Z

Reserved: 2025-09-18T03:19:23.202Z

Link: CVE-2025-59612

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-01T23:16:16.633

Modified: 2026-06-01T23:16:16.633

Link: CVE-2025-59612

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-02T02:00:13Z

Weaknesses

CWE-121

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object