Vulnerabilities ›

CVE-2025-59611

Medium

CWE-787 — Weakness Type

                    Published: Jun 1, 2026                      ·  Modified: Jun 4, 2026                      ·  Source: NVD                

CVSS v3

6.7

🔗 NVD Official

📄 Description (English)

Memory corruption in diagnostic services due to absence of input validation

🤖 AI Executive Summary

CVE-2025-59611 is a medium-severity memory corruption vulnerability in diagnostic services caused by insufficient input validation. Without available patches and no public exploits, this represents a moderate but manageable risk requiring immediate compensating controls. Organizations should prioritize input validation hardening and memory protection mechanisms while awaiting vendor patches.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: Jun 2, 2026 02:18

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability primarily impacts Saudi organizations using diagnostic services in critical infrastructure, particularly: (1) ARAMCO and energy sector operations relying on diagnostic tools for SCADA/ICS systems; (2) Banking sector (SAMA-regulated institutions) using diagnostic services for transaction processing systems; (3) Government agencies (NCA oversight) operating diagnostic infrastructure; (4) Telecom providers (STC, Mobily) managing network diagnostic services. Memory corruption could lead to system crashes, data exfiltration, or lateral movement within critical systems.

🏢 Affected Saudi Sectors

Energy (ARAMCO, oil & gas operations) Banking (SAMA-regulated institutions) Government (NCA oversight agencies) Telecommunications (STC, Mobily) Healthcare (diagnostic systems) Critical Infrastructure

🎯 MITRE ATT&CK Techniques

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution T1499 - Endpoint Denial of Service T1055 - Process Injection T1543 - Create or Modify System Process

⚖️ Saudi Risk Score (AI)

6.2

/ 10.0

🔧 Remediation Steps (English)

Immediate Actions:

1. Identify all systems running diagnostic services in your environment and document versions

2. Implement network segmentation to isolate diagnostic service endpoints from critical systems

3. Enable memory protection mechanisms (ASLR, DEP/NX, stack canaries) on affected systems

4. Restrict access to diagnostic services using firewall rules and access control lists

5. Monitor diagnostic service logs for unusual input patterns or crashes



Compensating Controls:

1. Deploy input validation at network boundary using WAF/IPS rules to filter malformed diagnostic requests

2. Implement strict input sanitization in any custom diagnostic tools

3. Run diagnostic services in sandboxed/containerized environments with resource limits

4. Enable core dumps and crash analysis to detect exploitation attempts

5. Implement rate limiting on diagnostic service endpoints



Detection Rules:

1. Monitor for diagnostic service crashes or unexpected terminations

2. Alert on memory access violations or segmentation faults in diagnostic processes

3. Track unusual input sizes or special characters in diagnostic service requests

4. Monitor for privilege escalation attempts following diagnostic service interactions

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تحديد جميع الأنظمة التي تقوم بتشغيل خدمات التشخيص في بيئتك وتوثيق الإصدارات

2. تنفيذ تقسيم الشبكة لعزل نقاط نهاية خدمة التشخيص عن الأنظمة الحرجة

3. تفعيل آليات حماية الذاكرة (ASLR, DEP/NX, stack canaries) على الأنظمة المتأثرة

4. تقييد الوصول إلى خدمات التشخيص باستخدام قواعد جدار الحماية وقوائم التحكم في الوصول

5. مراقبة سجلات خدمة التشخيص للبحث عن أنماط إدخال غير عادية أو أعطال

الضوابط التعويضية:

1. نشر التحقق من صحة المدخلات على حدود الشبكة باستخدام قواعد WAF/IPS لتصفية طلبات التشخيص المشوهة

2. تنفيذ تطهير صارم للمدخلات في أي أدوات تشخيص مخصصة

3. تشغيل خدمات التشخيص في بيئات معزولة/محتوية مع حدود الموارد

4. تفعيل تحليل الأساس والأعطال لاكتشاف محاولات الاستغلال

5. تنفيذ تحديد معدل على نقاط نهاية خدمة التشخيص

قواعد الكشف:

1. مراقبة أعطال خدمة التشخيص أو الإنهاء غير المتوقع

2. التنبيه على انتهاكات الوصول إلى الذاكرة أو أخطاء التجزئة في عمليات التشخيص

3. تتبع أحجام الإدخال غير العادية أو الأحرف الخاصة في طلبات خدمة التشخيص

4. مراقبة محاولات تصعيد الامتيازات بعد التفاعلات مع خدمة التشخيص

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.14.2.1 - System development and change management ECC 2024 A.14.2.5 - Access control for program source code ECC 2024 A.12.6.1 - Management of technical vulnerabilities

🔵 SAMA CSF

ID.RA-1 - Asset management and vulnerability identification PR.DS-6 - Data security and integrity controls DE.CM-8 - Vulnerability scans and assessments

🟡 ISO 27001:2022

A.12.6.1 - Management of technical vulnerabilities A.14.2.1 - Secure development policy A.12.2.1 - Monitoring and management of network

🟣 PCI DSS v4.0.1

Requirement 6.2 - Security patches and updates Requirement 11.2 - Vulnerability scanning

🔗 References & Sources 1

🔗

https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2026-bulletin.html

product-security@qualcomm.com

Vendor Advisory

📦 Affected Products / CPE 50 entries

qualcomm:aqt1000_firmware:-

qualcomm:cologne_firmware:-

qualcomm:fastconnect_6200_firmware:-

qualcomm:fastconnect_6700_firmware:-

qualcomm:fastconnect_6800_firmware:-

qualcomm:fastconnect_6900_firmware:-

qualcomm:fastconnect_7800_firmware:-

qualcomm:iqx5121_firmware:-

qualcomm:iqx7181_firmware:-

qualcomm:qca0000_firmware:-

qualcomm:qca6391_firmware:-

qualcomm:qca6420_firmware:-

qualcomm:qca6430_firmware:-

qualcomm:qcm5430_firmware:-

qualcomm:qcm6490_firmware:-

qualcomm:video_collaboration_vc3_platform_firmware:-

qualcomm:sc8380xp_firmware:-

qualcomm:sm6250_firmware:-

qualcomm:snapdragon_7c_compute_platform_firmware:-

qualcomm:snapdragon_7c_gen_2_compute_platform_firmware:-

qualcomm:snapdragon_7c\+_gen_3_compute_firmware:-

qualcomm:snapdragon_8c_compute_platform_firmware:-

qualcomm:snapdragon_8c_compute_platform_\(sc8180xp-ad\)_firmware:-

qualcomm:snapdragon_8cx_compute_platform_firmware:-

qualcomm:snapdragon_8cx_compute_platform_\"poipu_pro\"_firmware:-

qualcomm:snapdragon_8cx_gen_2_5g_compute_platform_firmware:-

qualcomm:snapdragon_8cx_gen_2_5g_compute_platform_\"poipu_pro\"_firmware:-

qualcomm:snapdragon_8cx_gen_3_compute_platform_firmware:-

qualcomm:wcd9340_firmware:-

qualcomm:wcd9341_firmware:-

qualcomm:wcd9370_firmware:-

qualcomm:wcd9375_firmware:-

qualcomm:wcd9378c_firmware:-

qualcomm:wcd9380_firmware:-

qualcomm:wcd9385_firmware:-

qualcomm:wsa8810_firmware:-

qualcomm:wsa8815_firmware:-

qualcomm:wsa8830_firmware:-

qualcomm:wsa8835_firmware:-

qualcomm:wsa8840_firmware:-

qualcomm:wsa8845_firmware:-

qualcomm:wsa8845h_firmware:-

qualcomm:x2000077_firmware:-

qualcomm:x2000086_firmware:-

qualcomm:x2000090_firmware:-

qualcomm:x2000092_firmware:-

qualcomm:x2000094_firmware:-

qualcomm:xg101002_firmware:-

qualcomm:xg101032_firmware:-

qualcomm:xg101039_firmware:-

📊 CVSS Score

6.7

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredH — High

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity Medium

CVSS Score6.7

CWECWE-787

EPSS0.01%

Exploit No

Patch ✗ No

Published 2026-06-01

Source Feed nvd

🇸🇦 Saudi Risk Score

6.2

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-787

🏢 Vendor Advisories

🔗 https://docs.qualcomm.com/product/publicresources/se...

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2025-59611

Introduce Yourself

Sign In Required