Vulnerabilities ›

CVE-2026-25258

High

CWE-125 — Weakness Type

                    Published: Jun 1, 2026                      ·  Modified: Jun 8, 2026                      ·  Source: NVD                

CVSS v3

7.8

🔗 NVD Official

📄 Description (English)

Memory corruption while processing IOCTL calls for escape operations.

🤖 AI Executive Summary

CVE-2026-25258 involves memory corruption vulnerabilities in IOCTL call processing for escape operations, affecting system stability and security. Attackers could exploit this to cause denial of service or potentially execute arbitrary code with elevated privileges.

📄 Description (Arabic)

تتعلق هذه الثغرة بمعالجة غير آمنة لاستدعاءات IOCTL المتعلقة بعمليات الهروب، مما يؤدي إلى تلف الذاكرة. قد يستغل المهاجمون هذا الضعف للوصول غير المصرح به أو تعطيل الخدمات الحرجة.

🤖 ملخص تنفيذي (AI)

يتعلق CVE-2026-25258 بثغرات تلف الذاكرة في معالجة استدعاءات IOCTL لعمليات الهروب، مما يؤثر على استقرار النظام والأمان. يمكن للمهاجمين استغلال هذا لإحداث رفض الخدمة أو تنفيذ كود عشوائي بامتيازات مرتفعة.

🤖 AI Intelligence Analysis Analyzed: Jun 6, 2026 18:10

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

banking telecom energy government healthcare

🎯 MITRE ATT&CK Techniques

T1548 T1547 T1055 T1499

⚖️ Saudi Risk Score (AI)

8.0

/ 10.0

🔧 Remediation Steps (English)

Apply security patches immediately when available from your operating system vendor. Implement strict access controls limiting IOCTL operations to authorized users only. Monitor system logs for suspicious IOCTL calls and memory access patterns. Disable unnecessary escape operations if not required for business operations.

🔧 خطوات المعالجة (العربية)

طبق تصحيحات الأمان فوراً عند توفرها من بائع نظام التشغيل. طبق ضوابط وصول صارمة تحد من عمليات IOCTL للمستخدمين المصرح لهم فقط. راقب سجلات النظام للكشف عن استدعاءات IOCTL المريبة وأنماط الوصول للذاكرة. عطل عمليات الهروب غير الضرورية إن لم تكن مطلوبة للعمليات التجارية.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

2.1 2.2 3.1 4.1

🔵 SAMA CSF

ID.BE-1 PR.AC-1 PR.PT-1 DE.CM-1

🟡 ISO 27001:2022

A.12.2.1 A.12.6.1 A.14.2.1

🔗 References & Sources 1

🔗

https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2026-bulletin.html

product-security@qualcomm.com

Vendor Advisory

📦 Affected Products / CPE 21 entries

qualcomm:cologne_firmware:-

qualcomm:fastconnect_6900_firmware:-

qualcomm:fastconnect_7800_firmware:-

qualcomm:iqx5121_firmware:-

qualcomm:iqx7181_firmware:-

qualcomm:qca0000_firmware:-

qualcomm:sc8380xp_firmware:-

qualcomm:wcd9378c_firmware:-

qualcomm:wcd9380_firmware:-

qualcomm:wcd9385_firmware:-

qualcomm:wsa8840_firmware:-

qualcomm:wsa8845_firmware:-

qualcomm:wsa8845h_firmware:-

qualcomm:x2000077_firmware:-

qualcomm:x2000086_firmware:-

qualcomm:x2000090_firmware:-

qualcomm:x2000092_firmware:-

qualcomm:x2000094_firmware:-

qualcomm:xg101002_firmware:-

qualcomm:xg101032_firmware:-

qualcomm:xg101039_firmware:-

📊 CVSS Score

7.8

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score7.8

CWECWE-125

EPSS0.01%

Exploit No

Patch ✗ No

Published 2026-06-01

Source Feed nvd

🇸🇦 Saudi Risk Score

8.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-125

🏢 Vendor Advisories

🔗 https://docs.qualcomm.com/product/publicresources/se...

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-25258

Introduce Yourself

Sign In Required