Skip to content
Threat Feed
high advisory

CVE-2025-59605: Qualcomm Device Identifier String Memory Corruption

CVE-2025-59605 is a memory corruption vulnerability in Qualcomm products where processing overly long device identifier strings leads to an out-of-bounds write, potentially allowing for information disclosure, code execution, or denial of service.

CVE-2025-59605 describes a memory corruption vulnerability affecting Qualcomm products. The vulnerability stems from improper handling of device identifier strings. Specifically, when these strings exceed the expected maximum length, the processing logic can lead to an out-of-bounds write. This issue could be exploited by a local attacker with low privileges and no user interaction to cause memory corruption. The vulnerability was disclosed in Qualcomm’s June 2026 security bulletin and carries a CVSS v3.1 score of 7.8. This vulnerability could be exploited to achieve local privilege escalation or denial of service.

Attack Chain

  1. A malicious application is installed on the target device.
  2. The application crafts an overly long device identifier string.
  3. The application triggers the vulnerable code path, providing the crafted string as input.
  4. The vulnerable code attempts to process the string without proper bounds checking.
  5. Due to the excessive length, a memory buffer overflow occurs, leading to an out-of-bounds write.
  6. The out-of-bounds write corrupts adjacent memory regions.
  7. The corrupted memory regions lead to unpredictable behavior, such as application crashes or system instability.
  8. An attacker exploits the vulnerability to potentially achieve code execution or escalate privileges on the local system.

Impact

Successful exploitation of CVE-2025-59605 could lead to several negative consequences. An attacker could potentially execute arbitrary code on the affected device, potentially gaining elevated privileges. This could result in unauthorized access to sensitive data, installation of malware, or complete control over the device. The out-of-bounds write can also trigger a denial-of-service condition, rendering the device unusable. The number of affected devices is currently unknown, but given Qualcomm’s widespread use in mobile devices and other embedded systems, the potential impact could be significant.

Recommendation

  • Apply the security patches released by Qualcomm as detailed in their June 2026 security bulletin to remediate CVE-2025-59605.
  • Monitor systems for unexpected crashes or instability that may be indicative of memory corruption vulnerabilities.
  • Implement runtime memory protection mechanisms to detect and prevent out-of-bounds writes (related to the CWE-787).

Detection coverage 2

CVE-2025-59605 Potential Exploitation - Process Memory Access Violation

medium

Detects potential exploitation of CVE-2025-59605 based on memory access violations by processes that handle device identifiers.

sigma tactics: defense_evasion techniques: T1068 sources: process_creation, windows

CVE-2025-59605 - Detect Faulting Application

low

Detects a crashing process indicating a potential memory corruption issue related to CVE-2025-59605.

sigma tactics: impact techniques: T1499.004 sources: application, windows

Detection queries are available on the platform. Get full rules →