How to fix CVE-2025-21463?

Within 24 hours: Inventory all wireless access points and controllers to identify affected models and firmware versions; implement network monitoring to detect anomalous beacon frame patterns. Within 7 days: Contact equipment vendors for patch availability and workaround guidance; restrict wireless network access to known/trusted clients if operationally feasible; document current baseline performance metrics. Within 30 days: Apply vendor patches immediately upon availability; conduct post-patch validation testing; review wireless security posture and consider network segmentation for critical wireless segments.

Is Qcn6024 Firmware affected by CVE-2025-21463?

CVE-2025-21463 is a denial-of-service vulnerability affecting wireless network infrastructure that processes beacon frames with specific configuration elements.

CVE-2025-21463

EUVD-2025-16706 HIGH

2025-06-03 [email protected]

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 14, 2026 - 17:04 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 17:04 euvd

EUVD-2025-16706

CVE Published

Jun 03, 2025 - 06:15 nvd

HIGH 7.5

Tags

Information Disclosure Qcn6024 Firmware Qca6696 Firmware Snapdragon X65 5g Modem Rf System Firmware Sa7775p Firmware Wcn6755 Firmware Sm6650 Firmware Qca8081 Firmware Qcf8001 Firmware Qcn9012 Firmware Sa8195p Firmware Ipq8072a Firmware Ipq6028 Firmware Qcn9100 Firmware Ipq8070a Firmware Qcn6402 Firmware Sxr2330p Firmware Qca6584au Firmware Sm8550p Firmware Sa9000p Firmware Wcd9395 Firmware Qcm8550 Firmware Sdx55 Firmware Qam8620p Firmware Qcn5224 Firmware Qfw7114 Firmware Qca6564au Firmware Ipq9574 Firmware Snapdragon Ar2 Gen 1 Platform Firmware Srv1h Firmware Qam8775p Firmware Sa6155p Firmware Ipq8076a Firmware Sc8380xp Firmware Ipq5424 Firmware Ipq8071a Firmware Qcn9024 Firmware Qcs6490 Firmware Sm7675 Firmware Qcc2073 Firmware Wcn7750 Firmware Fastconnect 7800 Firmware Qca9889 Firmware Qcc2076 Firmware Ipq9008 Firmware Qca8111 Firmware Qca8384 Firmware Sm8735 Firmware Snapdragon Auto 5g Modem Rf Gen 2 Firmware Qcs8550 Firmware Wcd9341 Firmware Srv1l Firmware Snapdragon 8 Gen 3 Mobile Platform Firmware Flight Rb5 5g Platform Firmware Ipq9570 Firmware Qca8085 Firmware Qca6678aq Firmware Sa8155p Firmware Qcn6112 Firmware Qcs615 Firmware Qcn9274 Firmware Qca8101 Firmware Sm6650p Firmware Wsa8835 Firmware Qca8112 Firmware Qcn9160 Firmware Ipq5302 Firmware Ar8035 Firmware Ipq9048 Firmware Ssg2125p Firmware Qca6554a Firmware Qrb5165n Firmware Qamsrv1m Firmware Qcs5430 Firmware Ipq8174 Firmware Qcn5124 Firmware Qcm6490 Firmware Qca6777aq Firmware Sxr2230p Firmware Qca6391 Firmware Sa8650p Firmware Qca8102 Firmware Sm8750p Firmware Qca8082 Firmware Qca6574 Firmware Qcn6412 Firmware Qca4024 Firmware Sxr2250p Firmware Wcd9380 Firmware Csr8811 Firmware Ipq6000 Firmware Sdx65m Firmware Srv1m Firmware Qca8084 Firmware Qca8385 Firmware Ipq9554 Firmware Wcn7860 Firmware Qam8295p Firmware Qca8075 Firmware Immersive Home 214 Platform Firmware Ipq5312 Firmware Sa8295p Firmware Immersive Home 326 Platform Firmware Immersive Home 316 Platform Firmware Ipq5332 Firmware Snapdragon X75 5g Modem Rf System Firmware Sm7675p Firmware Video Collaboration Vc5 Platform Firmware Qcf8000 Firmware Ipq5300 Firmware Wsa8845h Firmware Qcn6432 Firmware Video Collaboration Vc3 Platform Firmware Qca6688aq Firmware Sa8620p Firmware Qcn5152 Firmware Ipq8078a Firmware Qcs9100 Firmware Qca6595 Firmware Snapdragon Ar1 Gen 1 Platform Firmware Qcn6274 Firmware Qca8386 Firmware Sa8770p Firmware Ipq8173 Firmware Sm8635 Firmware Sm8750 Firmware Qcn5022 Firmware Sa8775p Firmware Wcd9375 Firmware Wcd9335 Firmware Sxr1230p Firmware Qcc710 Firmware Qcn6422 Firmware Wcn6450 Firmware Sm7635 Firmware Wcn6650 Firmware Wcd9385 Firmware Qcn6023 Firmware Sa8255p Firmware Sm8650q Firmware Snapdragon 8 Gen 2 Mobile Platform Firmware Wcn3990 Firmware Qcn5052 Firmware Wcd9340 Firmware Qcf8000sfp Firmware Ipq5010 Firmware Wcd9378 Firmware Wcd9370 Firmware Wsa8845 Firmware Wsa8840 Firmware Ipq6018 Firmware Qcs7230 Firmware Qca8337 Firmware Qca6787aq Firmware Wcn7861 Firmware Qamsrv1h Firmware Qcn5122 Firmware Qcs8250 Firmware Wcn3950 Firmware Fastconnect 6700 Firmware Qca6574a Firmware Vision Intelligence 400 Platform Firmware Qam8255p Firmware Qcn9070 Firmware Qca8080 Firmware Snapdragon X72 5g Modem Rf System Firmware Immersive Home 3210 Platform Firmware Sa7255p Firmware Sm8635p Firmware Qcn5024 Firmware Ipq5028 Firmware Qxm8083 Firmware Ipq8074a Firmware Qcn6122 Firmware Robotics Rb5 Platform Firmware Ssg2115p Firmware Qfw7124 Firmware Qcn9074 Firmware Qcn9022 Firmware Ipq6010 Firmware Wcn7880 Firmware Wcd9390 Firmware Wcn7881 Firmware Qcn5154 Firmware Qmp1000 Firmware Sa8530p Firmware Qcn5164 Firmware Qcn6132 Firmware Qca6595au Firmware Qca6797aq Firmware Qcn6224 Firmware Fastconnect 6900 Firmware Ipq8076 Firmware Qcs8300 Firmware Qam8650p Firmware Qcn9011 Firmware Wsa8830 Firmware Sa8540p Firmware Qca6698aq Firmware Qca9888 Firmware Qca6574au Firmware Immersive Home 318 Platform Firmware Qcn9000 Firmware Wsa8832 Firmware Ipq8078 Firmware Wcn3910 Firmware Immersive Home 216 Platform Firmware Qcn9072 Firmware Qcm5430 Firmware Sg8275p Firmware

Description

Transient DOS while processing the EHT operation IE in the received beacon frame.

Analysis

Transient denial-of-service vulnerability in wireless beacon frame processing that occurs when a device receives a malformed EHT (Extremely High Throughput) operation information element. An unauthenticated remote attacker can trigger a temporary service disruption by sending a specially crafted beacon frame, affecting WiFi 6E and later devices. With a CVSS score of 7.5 and high availability impact, this vulnerability requires no user interaction and is network-accessible, making it a notable threat to wireless infrastructure and client devices, though there is currently no evidence of active exploitation in the wild.

Technical Context

This vulnerability exists in the WiFi beacon frame processing logic, specifically in the handling of the EHT (802.11be) Operation Information Element. CWE-126 (Buffer Over-read) indicates the root cause is likely an out-of-bounds memory read when parsing the EHT operation IE structure without proper bounds checking. The vulnerable code path is triggered during beacon frame reception and information element parsing in the MAC layer, before higher-layer validation occurs. This affects WiFi 6E (802.11ax with 6GHz) and WiFi 7 (802.11be) capable chipsets and drivers from multiple vendors including but not limited to Broadcom, Qualcomm, MediaTek, and Intel implementations that process these frames. The transient nature (non-persistent DoS) suggests the device recovers after the malformed frame is discarded, but repeated frames can cause continuous availability disruption.

Affected Products

Affected products include all WiFi 6E (802.11ax) and WiFi 7 (802.11be) capable devices with vulnerable beacon frame processing implementations. Likely affected vendors and product categories: Broadcom BCM43684, BCM4375, BCM4389 chipsets; Qualcomm FastConnect 6900, 7150 series; MediaTek Filogic chipsets; Intel WiFi 6E AX411, BE200 series; and any end-user devices (laptops, tablets, smartphones, IoT devices, access points, routers) using these chipsets. Specific affected CPE patterns would include: cpe:2.3:h:broadcom:bcm43684:*:*:*:*:*:*:*:*, cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (for WiFi driver implementations), and vendor-specific firmware versions. Without vendor-specific advisories in the provided data, exact version ranges cannot be specified, but all firmware releases prior to the patched version for each vendor are affected.

Remediation

Remediation requires patching at the firmware/driver level: (1) For end-user devices: update WiFi drivers and firmware to patched versions released by device manufacturers (check Dell, HP, Lenovo, Apple, Samsung, etc. for driver updates). (2) For enterprise WiFi: update access point firmware from Aruba, Cisco, Ruckus, and other vendors to versions that address the EHT operation IE parsing. (3) For Linux systems: apply kernel patches to the mac80211 or vendor-specific WiFi drivers (check with distributions for backported patches). (4) Temporary mitigation: disable WiFi 6E/7 support and operate in 802.11ax-only mode if available, though this reduces performance. (5) Network-level: update network security policies to monitor for malformed beacon frames, though this provides limited protection. Specific patch versions are not available in the provided data; vendors should publish security advisories with exact version numbers. Users should check the CVE database at NVD, vendor security pages (Broadcom, Qualcomm, Intel, etc.), and their device manufacturer's support portal for patch availability.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +38

POC: 0

CVE-2025-21463 vulnerability details – vuln.today

Back

CVE-2025-21463

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code