How to fix CVE-2025-27064?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Is Fastconnect 6900 Firmware affected by CVE-2025-27064?

CVE-2025-27064 presents moderate security risk rated CVSS 6.1. Exploitation could compromise the security of affected deployments. Organizations should apply vendor updates when available and monitor for exploitation.

CVE-2025-27064

MEDIUM

2025-11-04 [email protected]

6.1

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 19:20 vuln.today

CVE Published

Nov 04, 2025 - 04:15 nvd

MEDIUM 6.1

Tags

Buffer Overflow Information Disclosure Fastconnect 6900 Firmware Fastconnect 7800 Firmware Immersive Home 3210 Platform Firmware Immersive Home 326 Platform Firmware Ipq5300 Firmware Ipq5302 Firmware Ipq5312 Firmware Ipq5332 Firmware Ipq5424 Firmware Ipq9008 Firmware Ipq9048 Firmware Ipq9554 Firmware Ipq9570 Firmware Ipq9574 Firmware Mdm9628 Firmware Qam8255p Firmware Qam8650p Firmware Qca0000 Firmware Qca6564a Firmware Qca6564au Firmware Qca6574a Firmware Qca6574au Firmware Qca6584au Firmware Qca6595au Firmware Qca6678aq Firmware Qca6688aq Firmware Qca6698aq Firmware Qca8075 Firmware Qca8080 Firmware Qca8081 Firmware Qca8082 Firmware Qca8084 Firmware Qca8085 Firmware Qca8101 Firmware Qca8102 Firmware Qca8111 Firmware Qca8112 Firmware Qca8384 Firmware Qca8385 Firmware Qca8386 Firmware Qca9367 Firmware Qca9377 Firmware Qcf8000 Firmware Qcf8001 Firmware Qcn5124 Firmware Qcn5224 Firmware Qcn6402 Firmware Qcn6412 Firmware Qcn6422 Firmware Qcn6432 Firmware Qcn9000 Firmware Qcn9012 Firmware Qcn9024 Firmware Qcn9074 Firmware Qcn9160 Firmware Qcn9274 Firmware Qxm8083 Firmware Sa4150p Firmware Sa4155p Firmware Sa6155p Firmware Sa7255p Firmware Sa8155p Firmware Sa8195p Firmware Sa8255p Firmware Sa8530p Firmware Sa8540p Firmware Sa8650p Firmware Sa9000p Firmware Snapdragon 8 Gen 1 Mobile Platform Firmware Snapdragon Auto 5g Modem Rf Gen 2 Firmware Sxr2250p Firmware Wcd9380 Firmware Wcn3660b Firmware Wcn3680b Firmware Wcn3980 Firmware Wsa8830 Firmware Wsa8835 Firmware

Description

Information disclosure while registering commands from clients with diag through diagHal.

Analysis

Information disclosure while registering commands from clients with diag through diagHal. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Technical Context

This vulnerability is classified under CWE-126. Information disclosure while registering commands from clients with diag through diagHal. Affected products include: Qualcomm Fastconnect 6900 Firmware, Qualcomm Fastconnect 7800 Firmware, Qualcomm Immersive Home 3210 Platform Firmware, Qualcomm Immersive Home 326 Platform Firmware, Qualcomm Ipq5300 Firmware.

Affected Products

Qualcomm Fastconnect 6900 Firmware, Qualcomm Fastconnect 7800 Firmware, Qualcomm Immersive Home 3210 Platform Firmware, Qualcomm Immersive Home 326 Platform Firmware, Qualcomm Ipq5300 Firmware.

Remediation

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +30

POC: 0

CVE-2025-27064 vulnerability details – vuln.today

Back