Vulnerabilities ›

CVE-2026-25259

High

CWE-787 — Weakness Type

                    Published: Jun 1, 2026                      ·  Modified: Jun 8, 2026                      ·  Source: NVD                

CVSS v3

7.8

🔗 NVD Official

📄 Description (English)

Memory corruption while processing multiple IOCTL command for escape operations.

🤖 AI Executive Summary

CVE-2026-25259 involves memory corruption vulnerabilities triggered during processing of multiple IOCTL commands related to escape operations, potentially allowing attackers to execute arbitrary code or cause denial of service. The vulnerability affects systems handling escape sequence processing with a CVSS score of 7.8, indicating high severity.

📄 Description (Arabic)

تتعلق هذه الثغرة بفساد الذاكرة الذي يحدث عند معالجة أوامر IOCTL متعددة المتعلقة بعمليات الهروب. يمكن للمهاجمين استغلال هذا الضعف لتنفيذ أكواد عشوائية أو التسبب في انهيار النظام. تتطلب الثغرة معالجة فورية لمنع الاستغلال المحتمل.

🤖 ملخص تنفيذي (AI)

هذا الثغرة تتعلق بفساد الذاكرة عند معالجة أوامر IOCTL متعددة المتعلقة بعمليات الهروب، مما قد يسمح للمهاجمين بتنفيذ أكواد عشوائية أو التسبب في رفض الخدمة. تؤثر الثغرة على الأنظمة التي تتعامل مع معالجة تسلسلات الهروب برصيد CVSS بقيمة 7.8.

🤖 AI Intelligence Analysis Analyzed: Jun 6, 2026 18:10

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

government energy telecom banking

🎯 MITRE ATT&CK Techniques

T1190 T1203 T1499

⚖️ Saudi Risk Score (AI)

8.0

/ 10.0

🔧 Remediation Steps (English)

Apply security patches immediately when available from your vendor. Implement strict input validation for IOCTL commands and escape sequences. Monitor system logs for suspicious IOCTL activity. Restrict IOCTL command access to authorized users only. Consider disabling unnecessary escape operations if not required for business functions.

🔧 خطوات المعالجة (العربية)

طبق التصحيحات الأمنية فوراً عند توفرها من المورد. طبق التحقق الصارم من المدخلات لأوامر IOCTL وتسلسلات الهروب. راقب سجلات النظام للنشاط المريب. قيد الوصول إلى أوامر IOCTL للمستخدمين المصرح لهم فقط. فكر في تعطيل عمليات الهروب غير الضرورية إذا لم تكن مطلوبة للعمليات التجارية.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

3.1 3.2 4.1

🔵 SAMA CSF

ID.RA-1 PR.PT-1 DE.CM-1

🟡 ISO 27001:2022

A.12.2.1 A.12.6.1 A.14.2.1

🔗 References & Sources 1

🔗

https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2026-bulletin.html

product-security@qualcomm.com

Vendor Advisory

📦 Affected Products / CPE 42 entries

qualcomm:cologne_firmware:-

qualcomm:fastconnect_6700_firmware:-

qualcomm:fastconnect_6900_firmware:-

qualcomm:fastconnect_7800_firmware:-

qualcomm:iqx5121_firmware:-

qualcomm:iqx7181_firmware:-

qualcomm:qca0000_firmware:-

qualcomm:qcm5430_firmware:-

qualcomm:qcm6490_firmware:-

qualcomm:video_collaboration_vc3_platform_firmware:-

qualcomm:sc8380xp_firmware:-

qualcomm:sd865_5g_firmware:-

qualcomm:snapdragon_460_mobile_platform_firmware:-

qualcomm:snapdragon_662_mobile_platform_firmware:-

qualcomm:snapdragon_ar1_gen_1_platform_firmware:-

qualcomm:snapdragon_xr2_5g_platform_firmware:-

qualcomm:snapdragon_xr2\+_gen_1_platform_firmware:-

qualcomm:sxr2230p_firmware:-

qualcomm:sxr2250p_firmware:-

qualcomm:wcd9370_firmware:-

qualcomm:wcd9375_firmware:-

qualcomm:wcd9378c_firmware:-

qualcomm:wcd9380_firmware:-

qualcomm:wcd9385_firmware:-

qualcomm:wcn3950_firmware:-

qualcomm:wcn3988_firmware:-

qualcomm:wsa8810_firmware:-

qualcomm:wsa8815_firmware:-

qualcomm:wsa8830_firmware:-

qualcomm:wsa8832_firmware:-

qualcomm:wsa8835_firmware:-

qualcomm:wsa8840_firmware:-

qualcomm:wsa8845_firmware:-

qualcomm:wsa8845h_firmware:-

qualcomm:x2000077_firmware:-

qualcomm:x2000086_firmware:-

qualcomm:x2000090_firmware:-

qualcomm:x2000092_firmware:-

qualcomm:x2000094_firmware:-

qualcomm:xg101002_firmware:-

qualcomm:xg101032_firmware:-

qualcomm:xg101039_firmware:-

📊 CVSS Score

7.8

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score7.8

CWECWE-787

EPSS0.01%

Exploit No

Patch ✗ No

Published 2026-06-01

Source Feed nvd

🇸🇦 Saudi Risk Score

8.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-787

🏢 Vendor Advisories

🔗 https://docs.qualcomm.com/product/publicresources/se...

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-25259

Introduce Yourself

Sign In Required