Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
Memory corruption during dynamic process creation call when client is only passing address and length of shell binary.
AnalysisAI
Memory corruption vulnerability in dynamic process creation functionality that occurs when a client passes only the address and length of a shell binary without proper validation or bounds checking. This vulnerability affects local attackers with limited user privileges who can exploit the memory corruption to achieve arbitrary code execution with full system impact (confidentiality, integrity, and availability compromise). The vulnerability requires local access and low complexity exploitation, making it a significant risk for multi-user systems; KEV and active exploitation status are not confirmed in available data, but the high CVSS score (7.8) and memory corruption nature suggest this warrants urgent patching.
Technical ContextAI
This vulnerability exists in process creation APIs/syscalls that dynamically invoke shell binaries based on client-supplied parameters. The root cause is classified under CWE-822 (Improperly Controlled Object Before It Is Freed/'Use Before Free'), indicating improper memory management during the transition from user-mode client data to kernel-mode process execution. The flaw occurs because the system accepts only an address and length parameter for the shell binary without: (1) validating that the memory region remains valid and accessible throughout the operation, (2) performing bounds checking on the supplied length, or (3) properly synchronizing access to prevent use-after-free conditions. This is typical of systems that perform direct memory operations in privileged contexts based on unprivileged user input, particularly in process spawning routines where the kernel must reference user-supplied binary data. The vulnerability likely affects Unix-like systems with dynamic process creation capabilities (fork/exec patterns or equivalent syscalls).
RemediationAI
Immediate remediation steps: (1) Apply security patches from your OS/product vendor when available—search vendor security advisories for CVE-2025-21486 specific patch versions and apply without delay; (2) Implement kernel/firmware updates from official sources; (3) For systems where patches are not yet available, implement access controls restricting use of dynamic process creation APIs to trusted users only (via SELinux, AppArmor, or capability-based security). Workarounds include: (1) Disabling non-essential process spawning features if application logic permits, (2) Running vulnerable services in restricted containers with reduced privilege sets, (3) Monitoring process creation syscalls for suspicious patterns via auditd/ebpf monitoring. Long-term: enable kernel address space layout randomization (ASLR), stack canaries, and execute-never (NX) protections to increase exploitation complexity. Subscribe to your vendor's security mailing lists for patch notification. Without specific vendor advisory links in provided data, consult official CVE databases (nvd.nist.gov, cisa.gov) and vendor security pages for patch download URLs and version information.
More in Fastconnect 6900 Firmware
View allQualcomm GPU micronode contains a memory corruption vulnerability (CVE-2025-21480, CVSS 8.6) caused by unauthorized comm
A second Qualcomm GPU micronode memory corruption vulnerability (CVE-2025-21479, CVSS 8.6) exists in the unauthorized co
A Qualcomm chipset vulnerability (CVE-2026-21385) causes memory corruption through improper integer handling during memo
Cryptographic issue occurs due to use of insecure connection method while downloading.
Memory corruption while taking snapshot when an offset variable is set by camera driver. Rated high severity (CVSS 8.4),
Cryptographic issue may occur while encrypting license data. [CVSS 8.4 HIGH]
Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn`t
CVE-2024-53026 is an information disclosure vulnerability in IMS (IP Multimedia Subsystem) implementations affecting VoL
CVE-2024-53021 is an information disclosure vulnerability in RTCP (Real-time Transport Control Protocol) packet processi
CVE-2024-53020 is an information disclosure vulnerability in RTP (Real-time Transport Protocol) packet processing that o
Network-based information disclosure vulnerability in RTP (Real-time Transport Protocol) packet decoding that occurs whe
Information disclosure while decoding this RTP packet Payload when UE receives the RTP packet from the network.
Same weakness CWE-822 – Untrusted Pointer Dereference
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-16703