CVE-2025-59609 - Vulnerability Details

Information Disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Qualcomm, Inc.

Snapdragon

unaffected

Version	Status	Constraints
`AR8035`	affected	—
`CSR8811`	affected	—
`CSRA6620`	affected	—
`CSRA6640`	affected	—
`FastConnect 6700`	affected	—
`FastConnect 6900`	affected	—
`FastConnect 7800`	affected	—
`Flight RB5 5G Platform`	affected	—
`FWA Gen 3 Ultra Platform`	affected	—
`Immersive Home 214 Platform`	affected	—
`Immersive Home 216 Platform`	affected	—
`Immersive Home 316 Platform`	affected	—
`Immersive Home 318 Platform`	affected	—
`Immersive Home 3210 Platform`	affected	—
`Immersive Home 326 Platform`	affected	—
`IPQ5010`	affected	—
`IPQ5028`	affected	—
`IPQ5300`	affected	—
`IPQ5302`	affected	—
`IPQ5312`	affected	—
`IPQ5332`	affected	—
`IPQ6000`	affected	—
`IPQ6010`	affected	—
`IPQ6018`	affected	—
`IPQ8076`	affected	—
`IPQ8078`	affected	—
`IPQ9008`	affected	—
`IPQ9554`	affected	—
`IPQ9570`	affected	—
`IPQ9574`	affected	—
`IQ6 Series Platform`	affected	—
`IQ8 Series Platform`	affected	—
`IQ9 Series Platform`	affected	—
`LeMans_AU_LGIT`	affected	—
`LeMansAU`	affected	—
`Marina`	affected	—
`Milos`	affected	—
`Monaco_IOT`	affected	—
`Networking Pro 1200 Platform`	affected	—
`Networking Pro 1210 Platform`	affected	—
`Networking Pro 1610 Platform`	affected	—
`Networking Pro 400 Platform`	affected	—
`Networking Pro 600 Platform`	affected	—
`Networking Pro 610 Platform`	affected	—
`Networking Pro 800 Platform`	affected	—
`Networking Pro 810 Platform`	affected	—
`Pandeiro`	affected	—
`QAM8255P`	affected	—
`QAM8295P`	affected	—
`QAMSRV1H`	affected	—
`QAMSRV1M`	affected	—
`QCA0000`	affected	—
`QCA4024`	affected	—
`QCA6391`	affected	—
`QCA6554A`	affected	—
`QCA6564AU`	affected	—
`QCA6574`	affected	—
`QCA6574A`	affected	—
`QCA6574AU`	affected	—
`QCA6584AU`	affected	—
`QCA6595`	affected	—
`QCA6595AU`	affected	—
`QCA6678AQ`	affected	—
`QCA6688AQ`	affected	—
`QCA6696`	affected	—
`QCA6698AQ`	affected	—
`QCA6777AQ`	affected	—
`QCA6787AQ`	affected	—
`QCA6797AQ`	affected	—
`QCA8075`	affected	—
`QCA8080`	affected	—
`QCA8081`	affected	—
`QCA8082`	affected	—
`QCA8084`	affected	—
`QCA8085`	affected	—
`QCA8101`	affected	—
`QCA8102`	affected	—
`QCA8111`	affected	—
`QCA8112`	affected	—
`QCA8337`	affected	—
`QCA8384`	affected	—
`QCA8385`	affected	—
`QCA8386`	affected	—
`QCA9888`	affected	—
`QCA9889`	affected	—
`QCC710`	affected	—
`QCF8000`	affected	—
`QCF8001`	affected	—
`QCM5430`	affected	—
`QCM6490`	affected	—
`QCN5022`	affected	—
`QCN5024`	affected	—
`QCN5052`	affected	—
`QCN5122`	affected	—
`QCN5124`	affected	—
`QCN5152`	affected	—
`QCN5154`	affected	—
`QCN5164`	affected	—
`QCN5224`	affected	—
`QCN6023`	affected	—
`QCN6024`	affected	—
`QCN6122`	affected	—
`QCN6132`	affected	—
`QCN6224`	affected	—
`QCN6274`	affected	—
`QCN6402`	affected	—
`QCN6412`	affected	—
`QCN6422`	affected	—
`QCN6432`	affected	—
`QCN9000`	affected	—
`QCN9022`	affected	—
`QCN9024`	affected	—
`QCN9070`	affected	—
`QCN9100`	affected	—
`QCN9160`	affected	—
`QCN9274`	affected	—
`QFW7114`	affected	—
`QFW7124`	affected	—
`QLN1083BD`	affected	—
`QLN1086BD`	affected	—
`QPA1083BD`	affected	—
`QPA1086BD`	affected	—
`QRB5165N`	affected	—
`Qualcomm Video Collaboration VC3 Platform`	affected	—
`Qualcomm Video Collaboration VC5 Platform`	affected	—
`QXM1093`	affected	—
`QXM1094`	affected	—
`QXM1095`	affected	—
`QXM1096`	affected	—
`QXM8083`	affected	—
`Robotics RB2 Platform`	affected	—
`Robotics RB5 Platform`	affected	—
`SA6155P`	affected	—
`SA7255P`	affected	—
`SA7775P`	affected	—
`SA8155P`	affected	—
`SA8195P`	affected	—
`SA8255P`	affected	—
`SA8295P`	affected	—
`SA8620P`	affected	—
`SA8770P`	affected	—
`SA9000P`	affected	—
`SAR1250P`	affected	—
`SAR2130P`	affected	—
`SAR2230P`	affected	—
`SM6650P`	affected	—
`SM7550`	affected	—
`SM7550P`	affected	—
`SM7635P`	affected	—
`SM7675`	affected	—
`SM8550P`	affected	—
`SM8635`	affected	—
`SM8650Q`	affected	—
`Snapdragon 460 Mobile Platform`	affected	—
`Snapdragon 6 Gen 4 Mobile Platform`	affected	—
`Snapdragon 662 Mobile Platform`	affected	—
`Snapdragon 7s Gen 3 Mobile Platform`	affected	—
`Snapdragon 8 Gen 2 Mobile Platform`	affected	—
`Snapdragon 8 Gen 3 Mobile Platform`	affected	—
`Snapdragon 8+ Gen 2 Mobile Platform`	affected	—
`Snapdragon AR1 Gen 1 Platform`	affected	—
`Snapdragon X75 5G Modem-RF System`	affected	—
`SRV1H`	affected	—
`SRV1M`	affected	—
`SW-only`	affected	—
`SW5100P`	affected	—
`SXR2230P`	affected	—
`SXR2250P`	affected	—
`WCD9335`	affected	—
`WCD9340`	affected	—
`WCD9370`	affected	—
`WCD9371`	affected	—
`WCD9375`	affected	—
`WCD9378`	affected	—
`WCD9380`	affected	—
`WCD9385`	affected	—
`WCD9390`	affected	—
`WCD9395`	affected	—
`WCN3950`	affected	—
`WCN3988`	affected	—
`WCN6650`	affected	—
`WCN6755`	affected	—
`WCN7860`	affected	—
`WCN7861`	affected	—
`WSA8830`	affected	—
`WSA8832`	affected	—
`WSA8835`	affected	—
`WSA8840`	affected	—
`WSA8845`	affected	—
`WSA8845H`	affected	—

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

No data.

Project Subscriptions

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2026-bulletin.html

History

Tue, 02 Jun 2026 00:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 01 Jun 2026 22:30:00 +0000

Type	Values Removed	Values Added
Description		Information Disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length.
Title		Buffer Over-read in WLAN Host Communication
Weaknesses		CWE-126
References		https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2026-bulletin.html
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2026-06-01T22:05:27.944Z

Updated: 2026-06-01T23:48:48.270Z

Reserved: 2025-09-18T03:19:23.201Z

Link: CVE-2025-59609

Vulnrichment

Updated: 2026-06-01T23:48:44.843Z

NVD

Status : Received

Published: 2026-06-01T23:16:16.113

Modified: 2026-06-01T23:16:16.113

Link: CVE-2025-59609

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-01T23:30:12Z

Weaknesses

CWE-126

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object