Security Advisory

Qualcomm Product Security Update Advisory

  • Nov 10 2025
Qualcomm Product Security Update Advisory

Overview

 

We have released a security update to fix vulnerabilities in Qualcomm products. Users of affected products are advised to update to the latest version.
 

 

Affected Products

 

CVE-2025-27070

 

AR8035, FastConnect 6200, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, QAM8255P, QAM8295P, QAM8620P, QAM8650P, QAM8775P, QAMSRV1H, Qamsrv1m, qca6174a, qca6391, qca6421, qca6426, qca6431, qca6436, qca6574, qca6574a, qca6574au, qca6584au, qca6595, qca6595au, qca6678aq, qca6688aq, qca6696, qca6698aq, Qca6797aq, qca8081, qca8337, qcc710, qcm4325, qcm5430, qcm6490, qcm8550, qcn6024, qcn6224, qcn6274, qcn9011, qcn9012, qcn9024, qcn9274, qcs5430, qcs615, qcs6490, Qcs8300, qcs8550, qcs9100, qdu1000, qdu1010, qdu1110, qdu1210, qdx1010, qdx1011, qep8111, qfw7114, qfw7124, qmp1000, qru1032, qru1052, qru1062, qsm8350, Qualcomm® Video Collaboration VC3 Platform, SA4150P, SA4155P, SA6145P, SA6150P, SA6155P, SA7255P, SA7775P, SA8145P, SA8150P, SA8155P, SA8195P, SA8255P, SA8295P, SA8530P, SA8540P, SA8620P, SA8650P, SA8770P, SA8775P, SA9000P, SC8380XP, SD 8 Gen1 5G, SD865 5G, SDX61, SG4150P, SG8275P, SM4635, SM6650, SM6650P, SM7250P, SM7635, SM7675, SM7675P, SM8550P, SM8635, SM8635P, SM8650Q, SM8735, SM8750, SM8750P, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform (SM4350-AC), Snapdragon 662 Mobile Platform, Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform (SM6225-AD), Snapdragon 695 5G Mobile Platform, Snapdragon 765 5G Mobile Platform (SM7250-AA), Snapdragon 765G 5G Mobile Platform (SM7250-AB), Snapdragon 768G 5G Mobile Platform (SM7250-AC), Snapdragon 8 Gen 1 Mobile Platform, Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8 Gen 3 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon 865 5G Mobile Platform, Snapdragon 865+ 5G Mobile Platform (SM8250-AB), Snapdragon 870 5G Mobile Platform (SM8250-AC), Snapdragon 888 5G Mobile Platform, Snapdragon 888+ 5G Mobile Platform (SM8350-AC), Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB), Snapdragon AR1 Gen 1 Platform, Snapdragon AR1 Gen 1 Platform “Luna1”, Snapdragon AR2 Gen 1 Platform, Snapdragon Auto 5G Modem-RF Gen 2, Snapdragon X32 5G Modem-RF System, Snapdragon X35 5G Modem-RF System, Snapdragon X55 5G Modem-RF System, Snapdragon X62 5G Modem-RF System, Snapdragon X65 5G Modem-RF System, Snapdragon X72 5G Modem-RF System, Snapdragon X75 5G Modem-RF System, Snapdragon XR2 5G Platform, Srv1h, srv1l, srv1m, ssg2115p, ssg2125p, sxr1230p, sxr2130, sxr2230p, sxr2250p, sxr2330p, wcd9340, wcd9370, wcd9375, wcd9378, wcd9380, wcd9385, wcd9390, wcd9395, Wcn3950, wcn3988, wcn6450, wcn6650, wcn6755, wcn7750, wcn7860, wcn7861, wcn7880, wcn7881, wsa8810, wsa8815, wsa8830, wsa8832, wsa8835, wsa8840, wsa8845, wsa8845h

 

CVE-2025-27074

 

APQ8064AU, CSR8811, Immersive Home 214 Platform, Immersive Home 216 Platform, Immersive Home 316 Platform, Immersive Home 318 Platform, IPQ5010, IPQ5028, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, Ipq8173, ipq8174, ipq9008, ipq9574, mdm9640, mdm9650, msm8996au, pmp8074, qca4024, qca6174a, qca6234, qca6310, qca6320, qca6428, Qca6438, qca6564a, qca6564au, qca6574, qca6574a, qca6574au, qca6584au, qca6694, qca8072, qca8075, qca8081, qca9888, qca9889, qca9984, Qcn5022, qcn5024, qcn5052, qcn5054, qcn5064, qcn5122, qcn5124, qcn5152, qcn5154, qcn5164, qcn5550, qcn6023, qcn6024, qcn6100, qcn6102, Qcn6112, qcn6122, qcn6132, qcn9000, qcn9001, qcn9002, qcn9003, qcn9012, qcn9022, qcn9024, qcn9070, qcn9072, qcn9074, qcn9100, qcn9274, SD820, SD821, SDM429W, SDX55, Snapdragon 429 Mobile Platform, Snapdragon 820 Automotive Platform, Snapdragon 820 Mobile Platform, Snapdragon 821 Mobile Platform, Snapdragon Wear 4100+ Platform, WCD9335, WCN3610, WCN3620, WCN3660B, WCN3680B, WCN3980, WSA8810, WSA8815

 

CVE-2025-47352

 

FastConnect 7800, QCC2072, WCD9378C, WSA8840, WSA8845, WSA8845H, X2000077, X2000086, X2000090, X2000092, X2000094, XG101002, XG101032, XG101039

 

CVE-2025-47353

 

Qam8255p, qam8650p, qam8775p, qamsrv1h, qamsrv1m, qca6595, qca6698aq, qca6797aq, sa7255p, sa7775p, sa8255p, sa8620p, sa8650p, sa8770p, sa8775p, sa9000p, srv1h, srv1m

 

CVE-2025-47357

 

Qam8255p, qam8620p, qam8650p, qam8775p, qamsrv1h, qamsrv1m, qca6595, qca6595au, qca6678aq, qca6696, qca6698aq, Qca6797aq, qcs9100, sa7255p, sa7775p, sa8255p, sa8620p, sa8650p, sa8770p, sa8775p, sa9000p, srv1h, srv1l, srv1m

 

CVE-2025-47360

 

Qam8255p, qam8295p, qam8620p, qam8650p, qam8775p, qamsrv1h, qamsrv1m, qca6574au, qca6595, qca6595au, qca6688aq, qca6696, qca6698aq, qca6797aq, qca8695au, sa6145p, Sa6150p, sa6155p, sa7255p, sa7775p, sa8145p, sa8150p, sa8155p, sa8195p, sa8255p, sa8295p, sa8540p, sa8620p, sa8650p, sa8770p, sa8775p, sa9000p, srv1h, srv1l, srv1m

 

CVE-2025-47361

 

Qam8255p, qam8295p, qam8620p, qam8650p, qam8775p, qamsrv1h, qamsrv1m, qca6574au, qca6595, qca6595au, qca6688aq, qca6696, qca6698aq, Qca6797aq, qca8695au, sa7255p, sa7775p, sa8255p, sa8295p, sa8540p, sa8620p, sa8650p, sa8770p, sa8775p, sa9000p, srv1h, srv1l, srv1m

 

CVE-2025-47362

 

Msm8996au, qam8255p, qam8295p, qam8620p, qam8650p, qam8775p, qamsrv1h, qamsrv1m, qca6574au, qca6584au, qca6595, qca6595au, qca6688aq, qca6696, qca6698aq, qca6797aq, qca8695au, sa6145p, sa6150p, SA6155P, SA7255P, SA7775P, SA8145P, SA8150P, SA8155P, SA8195P, SA8255P, SA8295P, SA8540P, SA8620P, SA8650P, SA8770P, SA8775P, SA9000P, Snapdragon 820 Automotive Platform, SRV1H, SRV1L, SRV1M

 

CVE-2025-47365

 

Qam8255p, qam8295p, qam8620p, qam8650p, qam8775p, qamsrv1h, qamsrv1m, qca6574au, qca6595, qca6595au, qca6688aq, qca6696, qca6698aq, qca6797aq, qca8695au, sa6145p, Sa6150p, sa6155p, sa7255p, sa7775p, sa8145p, sa8150p, sa8155p, sa8195p, sa8255p, sa8295p, sa8540p, sa8620p, sa8650p, sa8770p, sa8775p, sa9000p, srv1h, srv1l, srv1m

 

CVE-2025-47367

 

FastConnect 6700, FastConnect 6900, FastConnect 7800, QCC2072, QCM5430, QCM6490, QCS5430, QCS6490, Qualcomm® Video Collaboration VC3 Platform, SC8380XP, Snapdragon 7c+ Gen 3 Compute, Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB), WCD9370, WCD9375, WCD9378C, WCD9380, WCD9385, WSA8830, WSA8835, WSA8840, WSA8845, WSA8845H, X2000077, X2000086, X2000090, X2000092, X2000094, XG101002, XG101032, XG101039

 

CVE-2025-47368

 

FastConnect 6900, FastConnect 7800, SC8380XP, WCD9380, WCD9385, WSA8840, WSA8845, WSA8845H

 

CVE-2025-47370

 

AR8035, CSRB31024, FastConnect 6700, FastConnect 6900, FastConnect 7800, QAM8255P, QAM8295P, QAM8650P, QAM8775P, QAMSRV1H, QAMSRV1M, QCA6391, QCA6554A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, Qca6678aq, qca6688aq, qca6696, qca6698aq, qca6777aq, qca6787aq, qca6797aq, qca8081, qca8337, qca8695au, qcc2073, Qcc2076, qcc5161, qcc710, qcc7225, qcc7226, qcc7228, qcm4490, qcm5430, qcm6490, qcn6224, qcn6274, qcn7605, QCN7606, QCN9011, QCN9012, QCS4490, QCS5430, QCS615, QCS6490, QCS8550, QCS9100, QFW7114, QFW7124, QMP1000, Qualcomm® Video Collaboration VC3 Platform, S3 Gen 2 Sound Platform, S3 Sound Platform, S5 Gen 2 Sound Platform, S5 Sound Platform, SA4150P, SA4155P, SA6145P, SA6150P, SA6155, SA6155P, SA7255P, SA7775P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8255P, SA8295P, SA8620P, SA8650P, SA8770P, SA8775P, SA9000P, SC8380XP, SDX55, SM7325P, SM7675, SM7675P, SM8550P, SM8635, SM8635P, SM8650Q, SM8735, SM8750, SM8750P, Snapdragon 778G 5G Mobile Platform, Snapdragon 778G+ 5G Mobile Platform (SM7325-AE), Snapdragon 782G Mobile Platform (SM7325-AF), Snapdragon 7c+ Gen 3 Compute, Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8 Gen 3 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon AR1 Gen 1 Platform, Snapdragon AR1 Gen 1 Platform “Luna1”, Snapdragon AR2 Gen 1 Platform, Snapdragon Auto 5G Modem-RF, Snapdragon Auto 5G Modem-RF Gen 2, Snapdragon X72 5G Modem-RF System, Snapdragon X75 5G Modem-RF System, Snapdragon Auto 4G Modem, SRV1H, SRV1M, SSG2115P, SSG2125P, Sxr1230p, sxr2230p, sxr2250p, sxr2330p, sxr2350p, wcd9340, wcd9360, wcd9370, wcd9375, wcd9375, wcd9378, wcd9380, wcd9385, Wcd9390, wcd9395, wcn3950, wcn6755, wcn7750, wsa8810, wsa8815, wsa8830, wsa8832, wsa8835, wsa8840, wsa8845, wsa8845h

 

CVE-2025-27064

 

FastConnect 6900, FastConnect 7800, Immersive Home 3210 Platform, Immersive Home 326 Platform, IPQ5300, IPQ5302, IPQ5312, IPQ5332, IPQ5424, IPQ9008, IPQ9048, IPQ9554, IPQ9570, IPQ9574, MDM9628, QAM8255P, Qam8650p, qca0000, qca6564a, qca6564au, qca6574a, qca6574au, qca6584au, qca6595au, qca6678aq, qca6688aq, qca6698aq, qca8075, qca8080, qca8081, qca8082, qca8084, qca8085, qca8101, qca8102, qca8111, qca8112, Qca8384, qca8385, qca8386, qca9367, qca9377, qcf8000, qcf8001, qcn5124, qcn5224, qcn6402, qcn6412, qcn6422, qcn6432, qcn9000, qcn9012, qcn9024, qcn9074, qcn9074, qcn9160, qcn9274, qxm8083, sa4150p, sa4155p, sa6155p, SA7255P, SA8155P, SA8195P, SA8255P, SA8530P, SA8540P, SA8650P, SA9000P, Snapdragon 8 Gen 1 Mobile Platform, Snapdragon Auto 5G Modem-RF Gen 2, SXR2250P, WCD9380, WCN3660B, WCN3680B, WCN3980, WSA8830, WSA8835

 

 

Resolved Vulnerabilities

 

Out-of-bounds write vulnerability in Windows Compute in Qualcomm products (CVE-2025-27070)
Buffer Size Calculation Error Vulnerability in SCE-Mink Components in Qualcomm Products (CVE-2025-27074)
Improper array index validation vulnerability in Audio in Qualcomm products (CVE-2025-47352)
Risky method and function exposure vulnerability in QNX-based automotive software platforms in Qualcomm products (CVE-2025-47353)
Critical Function Authentication Missing Vulnerability in SMSS in Qualcomm products (CVE-2025-47357)
Stack Buffer Overflow Vulnerability in QNX-based Automotive Software Platforms in Qualcomm Products (CVE-2025-47360)
Improper array index validation vulnerability in QNX-based automotive software platforms in Qualcomm products (CVE-2025-47361)
Buffer Out-of-Bounds Read Vulnerability in QNX-based Automotive Software Platforms in Qualcomm Products (CVE-2025-47362)
Integer Overflow and Value Cycling Vulnerability in Qualcomm Products’ Automotive Platform (CVE-2025-47365)
Out-of-bounds write vulnerability in WinBlast Driver in Qualcomm products (CVE-2025-47367)
Buffer Out-of-Bounds Read Vulnerability in DSP Service in Qualcomm Products (CVE-2025-47368)
Reachable Assertion Vulnerability in BT Controller in Qualcomm Products (CVE-2025-47370)
External Input Triggered Assertion Check Failure Vulnerability in Core Services in Qualcomm Products (CVE-2025-27064)

 

 

Vulnerability Patches

Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

Cve-2025-27070, cve-2025-27074, cve-2025-47352, cve-2025-47353, cve-2025-47357, cve-2025-47360, cve-2025-47361, cve-2025-47362, cve-2025-47365, cve-2025-47367, cve-2025-47368, cve-2025-47370, cve-2025-27064

 

Apply security updates distributed by each manufacturer

 

 

References

 

[1] November 2025 Security Bulletin
https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2025-bulletin.html

 

Tags:
Previous Post

Next Post