Skip to main content

Ar8035 Firmware CVE-2025-21463

| EUVD-2025-16706 HIGH
Buffer Over-read (CWE-126)
2025-06-03 product-security@qualcomm.com
Information Disclosure Ar8035 Firmware Csr8811 Firmware Fastconnect 6700 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware Flight Rb5 5g Platform Firmware Immersive Home 214 Platform Firmware Immersive Home 216 Platform Firmware Immersive Home 316 Platform Firmware Immersive Home 318 Platform Firmware Immersive Home 3210 Platform Firmware Immersive Home 326 Platform Firmware Ipq5010 Firmware Ipq5028 Firmware Ipq5300 Firmware Ipq5302 Firmware Ipq5312 Firmware Ipq5332 Firmware Ipq5424 Firmware Ipq6000 Firmware Ipq6010 Firmware Ipq6018 Firmware Ipq6028 Firmware Ipq8070a Firmware Ipq8071a Firmware Ipq8072a Firmware Ipq8074a Firmware Ipq8076 Firmware Ipq8076a Firmware Ipq8078 Firmware Ipq8078a Firmware Ipq8173 Firmware Ipq8174 Firmware Ipq9008 Firmware Ipq9048 Firmware Ipq9554 Firmware Ipq9570 Firmware Ipq9574 Firmware Qam8255p Firmware Qam8295p Firmware Qam8620p Firmware Qam8650p Firmware Qam8775p Firmware Qamsrv1h Firmware Qamsrv1m Firmware Qca4024 Firmware Qca6391 Firmware Qca6554a Firmware Qca6564au Firmware Qca6574 Firmware Qca6574a Firmware Qca6574au Firmware Qca6584au Firmware Qca6595 Firmware Qca6595au Firmware Qca6678aq Firmware Qca6688aq Firmware Qca6696 Firmware Qca6698aq Firmware Qca6777aq Firmware Qca6787aq Firmware Qca6797aq Firmware Qca8075 Firmware Qca8080 Firmware Qca8081 Firmware Qca8082 Firmware Qca8084 Firmware Qca8085 Firmware Qca8101 Firmware Qca8102 Firmware Qca8111 Firmware Qca8112 Firmware Qca8337 Firmware Qca8384 Firmware Qca8385 Firmware Qca8386 Firmware Qca9888 Firmware Qca9889 Firmware Qcc2073 Firmware Qcc2076 Firmware Qcc710 Firmware Qcf8000 Firmware Qcf8000sfp Firmware Qcf8001 Firmware Qcm5430 Firmware Qcm6490 Firmware Qcm8550 Firmware Qcn5022 Firmware Qcn5024 Firmware Qcn5052 Firmware Qcn5122 Firmware Qcn5124 Firmware Qcn5152 Firmware Qcn5154 Firmware Qcn5164 Firmware Qcn5224 Firmware Qcn6023 Firmware Qcn6024 Firmware Qcn6112 Firmware Qcn6122 Firmware Qcn6132 Firmware Qcn6224 Firmware Qcn6274 Firmware Qcn6402 Firmware Qcn6412 Firmware Qcn6422 Firmware Qcn6432 Firmware Qcn9000 Firmware Qcn9011 Firmware Qcn9012 Firmware Qcn9022 Firmware Qcn9024 Firmware Qcn9070 Firmware Qcn9072 Firmware Qcn9074 Firmware Qcn9100 Firmware Qcn9160 Firmware Qcn9274 Firmware Qcs5430 Firmware Qcs615 Firmware Qcs6490 Firmware Qcs7230 Firmware Qcs8250 Firmware Qcs8300 Firmware Qcs8550 Firmware Qcs9100 Firmware Qfw7114 Firmware Qfw7124 Firmware Qmp1000 Firmware Qrb5165n Firmware Qxm8083 Firmware Robotics Rb5 Platform Firmware Sa6155p Firmware Sa7255p Firmware Sa7775p Firmware Sa8155p Firmware Sa8195p Firmware Sa8255p Firmware Sa8295p Firmware Sa8530p Firmware Sa8540p Firmware Sa8620p Firmware Sa8650p Firmware Sa8770p Firmware Sa8775p Firmware Sa9000p Firmware Sc8380xp Firmware Sdx55 Firmware Sdx65m Firmware Sg8275p Firmware Sm6650 Firmware Sm6650p Firmware Sm7635 Firmware Sm7675 Firmware Sm7675p Firmware Sm8550p Firmware Sm8635 Firmware Sm8635p Firmware Sm8650q Firmware Sm8735 Firmware Sm8750 Firmware Sm8750p Firmware Snapdragon 8 Gen 2 Mobile Platform Firmware Snapdragon 8 Gen 3 Mobile Platform Firmware Snapdragon Ar1 Gen 1 Platform Firmware Snapdragon Ar2 Gen 1 Platform Firmware Snapdragon Auto 5g Modem Rf Gen 2 Firmware Snapdragon X65 5g Modem Rf System Firmware Snapdragon X72 5g Modem Rf System Firmware Snapdragon X75 5g Modem Rf System Firmware Srv1h Firmware Srv1l Firmware Srv1m Firmware Ssg2115p Firmware Ssg2125p Firmware Sxr1230p Firmware Sxr2230p Firmware Sxr2250p Firmware Sxr2330p Firmware Video Collaboration Vc3 Platform Firmware Video Collaboration Vc5 Platform Firmware Vision Intelligence 400 Platform Firmware Wcd9335 Firmware Wcd9340 Firmware Wcd9341 Firmware Wcd9370 Firmware Wcd9375 Firmware Wcd9378 Firmware Wcd9380 Firmware Wcd9385 Firmware Wcd9390 Firmware Wcd9395 Firmware Wcn3910 Firmware Wcn3950 Firmware Wcn3990 Firmware Wcn6450 Firmware Wcn6650 Firmware Wcn6755 Firmware Wcn7750 Firmware Wcn7860 Firmware Wcn7861 Firmware Wcn7880 Firmware Wcn7881 Firmware Wsa8830 Firmware Wsa8832 Firmware Wsa8835 Firmware Wsa8840 Firmware Wsa8845 Firmware Wsa8845h Firmware
7.5
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 14, 2026 - 17:04 euvd
EUVD-2025-16706
Analysis Generated
Mar 14, 2026 - 17:04 vuln.today
CVE Published
Jun 03, 2025 - 06:15 nvd
HIGH 7.5

DescriptionNVD

Transient DOS while processing the EHT operation IE in the received beacon frame.

AnalysisAI

Transient denial-of-service vulnerability in wireless beacon frame processing that occurs when a device receives a malformed EHT (Extremely High Throughput) operation information element. An unauthenticated remote attacker can trigger a temporary service disruption by sending a specially crafted beacon frame, affecting WiFi 6E and later devices. With a CVSS score of 7.5 and high availability impact, this vulnerability requires no user interaction and is network-accessible, making it a notable threat to wireless infrastructure and client devices, though there is currently no evidence of active exploitation in the wild.

Technical ContextAI

This vulnerability exists in the WiFi beacon frame processing logic, specifically in the handling of the EHT (802.11be) Operation Information Element. CWE-126 (Buffer Over-read) indicates the root cause is likely an out-of-bounds memory read when parsing the EHT operation IE structure without proper bounds checking. The vulnerable code path is triggered during beacon frame reception and information element parsing in the MAC layer, before higher-layer validation occurs. This affects WiFi 6E (802.11ax with 6GHz) and WiFi 7 (802.11be) capable chipsets and drivers from multiple vendors including but not limited to Broadcom, Qualcomm, MediaTek, and Intel implementations that process these frames. The transient nature (non-persistent DoS) suggests the device recovers after the malformed frame is discarded, but repeated frames can cause continuous availability disruption.

RemediationAI

Remediation requires patching at the firmware/driver level: (1) For end-user devices: update WiFi drivers and firmware to patched versions released by device manufacturers (check Dell, HP, Lenovo, Apple, Samsung, etc. for driver updates). (2) For enterprise WiFi: update access point firmware from Aruba, Cisco, Ruckus, and other vendors to versions that address the EHT operation IE parsing. (3) For Linux systems: apply kernel patches to the mac80211 or vendor-specific WiFi drivers (check with distributions for backported patches). (4) Temporary mitigation: disable WiFi 6E/7 support and operate in 802.11ax-only mode if available, though this reduces performance. (5) Network-level: update network security policies to monitor for malformed beacon frames, though this provides limited protection. Specific patch versions are not available in the provided data; vendors should publish security advisories with exact version numbers. Users should check the CVE database at NVD, vendor security pages (Broadcom, Qualcomm, Intel, etc.), and their device manufacturer's support portal for patch availability.

Share

CVE-2025-21463 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy