CSIRT Toscana Rilevate vulnerabilità in prodotti Qualcomm (AL06/251202/CSIRT-ITA)
Data:
2 Dicembre 2025
Impatto Sistemico
Medio (61.53)
Sintesi
Rilevate vulnerabilità nei prodotti Qualcomm, di cui una con gravità “critica” e otto con gravità “alta”. Nel dettaglio, tali vulnerabilità potrebbero consentire ad un utente malintenzionato l’esecuzione di codice arbitraria, accedere a informazioni riservate, compromettere la disponibilità del servizio, l’escalation di privilegi e il bypass dei meccanismi di sicurezza sui sistemi interessati.
Tipologia
- Arbitrary Code Execution
- Information Leakage
- Denial fo Service
- Elevation of Privilege
- Security Restrictions Bypass
Prodotti e/o versioni affette
Chipset affetti: QAM8255P, QAM8620P, QAM8650P, QAM8775P, QAMSRV1H, QAMSRV1M, QCA6595, QCA6595AU, QCA6678AQ, QCA6696, QCA6698AQ, QCA6797AQ, SA7255P, SA7775P, SA8255P, SA8620P, SA8650P, A8770P, A8775P, A9000P, SRV1H, SRV1L, SRV1M, AR8035, CSRA6620, CSRA6640, FastConnect 6200, FastConnect 6700, FastConnect 6900, FastConnect 7800, QAM8255P, QAM8295P, QCA6174A, QCA6391, QCA6564, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6688AQ, QCA8081, QCA8337, QCC710, QCM2290, QCM4490, QCM5430, QCM6490, QCM8550, QCN6024, QCN6224, QCN6274, QCN9011, QCN9012, QCN9024, QCS2290, QCS4490, QCS5430, QCS6490, QCS8550, QEP8111, QFW7114, QFW7124, QMP1000, Qualcommr Video Collaboration VC3 Platform, Robotics RB2 Platform, SA4150P, SA4155P, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SA8540P, SC8380XP, SD 8 Gen1 5G, SDX61, SDX71M, SG4150P, SG8275, SG8275P, SM4635, SM6475, SM6650, SM6650P, SM7325P, SM7435, SM7550, SM7550P, SM7635, SM7635P, SM7675, SM7675P, SM8475P, SM8550P, SM8635, SM8635P, SM8650Q, SM8735, SM8750, SM8750P, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 4 Gen 2 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform (SM4350-AC), Snapdragon 6 Gen 1 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform (SM6225-AD), Snapdragon 695 5G Mobile Platform, Snapdragon 7 Gen 1 Mobile Platform, Snapdragon 7+ Gen 2 Mobile Platform, Snapdragon 778G 5G Mobile Platform, Snapdragon 778G+ 5G Mobile Platform (SM7325-AE), Snapdragon 782G Mobile Platform (SM7325-AF), Snapdragon 7c+ Gen 3 Compute, Snapdragon 8 Gen 1 Mobile Platform, Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8 Gen 3 Mobile Platform, Snapdragon 8+ Gen 1 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon 888 5G Mobile Platform, Snapdragon 888+ 5G Mobile Platform (SM8350-AC), Snapdragon 8cx Gen 3 Compute Platform (SC828BB)0XP-AB, BB), Snapdragon AR1 Gen 1 Platform, Snapdragon AR1 Gen 1 Platform “Luna1”, Snapdragon AR2 Gen 1 Platform, Snapdragon Auto 5G Modem-RF Gen 2, Snapdragon W5+ Gen 1 Wearable Platform, Snapdragon X32 5G Modem-RF System, Snapdragon X35 5G Modem-RF System, Snapdragon X65 5G Modem-RF System, Snapdragon X70 Modem-RF System, Snapdragon X72 5G Modem-RF System, Snapdragon X75 5G Modem-RF System, SSG2115P, SSG2125P, SW5100, SW5100P, SXR1230P, SXR2230P, SXR2250P, WCD9335, WCD9340, WCD9370, WCD9371, WCD9375, WCD9378, WCD9380, WCD9385, WCD9390, WCD9395, WCN3910, WCN3950, WCN3980, WCN3988, WCN6650, WCN6740, WCN6755, WCN7750, WCN7860, WCN7861, WCN7880, WCN7881, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H, AQT1000, FastConnect 6800, QCA6420, QCA6430, Qualcomm® Video Collaboration VC3 Platform, SC8180X+SDX55, SM6250, Snapdragon 7c Compute Platform (SC7180-AC), Snapdragon 7c Gen 2 Compute Platform (SC7180-AD) “Rennell Pro”, Snapdragon 8c Compute Platform (SC8180X-AD) “Poipu Lite”, Snapdragon 8c Compute Platform (SC8180XP-AD) “Poipu Lite”, Snapdragon 8cx Compute Platform (SC8180X-AA, AB), Snapdragon 8cx Compute Platform (SC8180XP-AC, AF) “Poipu Pro”, Snapdragon 8cx Gen 2 5G Compute Platform (SC8180X-AC, AF), Snapdragon 8cx Gen 2 5G Compute Platform (SC8180XP-AA, AB), Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB), WCD9341, AR8031, QCA2066, QCM6125, QCS6125, Qualcommr Video Collaboration VC1 Platform, SM7250P, Smart Audio 400 Platform, Snapdragon 765 5G Mobile Platform (SM7250-AA), Snapdragon 765G 5G Mobile Platform (SM7250-AB), Snapdragon 768G 5G Mobile Platform (SM7250-AC), QCA8695AU, QCA9367, QCA9377, QCM6690, QCS610, QCS6690, Qualcomm® Video Collaboration VC1 Platform, SG6150, SG6150P, SM8850, SM8850P, SXR2330P, SXR2350P, WCN6450, Flight RB5 5G Platform, QCS410, QCS7230, QCS8250, QRB5165M, QRB5165N, Qualcomm 215 Mobile Platform, Qualcommr Video Collaboration VC5 Platform, Robotics RB5 Platform, SD660, SD865 5G, Snapdragon 660 Mobile Platform, Snapdragon 690 5G Mobile Platform, Snapdragon 865 5G Mobile Platform, Snapdragon 865+ 5G Mobile Platform (SM8250-AB), Snapdragon 870 5G Mobile Platform (SM8250-AC), Snapdragon X55 5G Modem-RF System, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, WCD9326, WCN3615, WCN3660B, WCN3680B, WCN3990, 9206 LTE Modem, APQ8017, CSRB31024, C-V2X 9150, MDM9250, MDM9628, MDM9640, MSM8996AU, QCA6564A, QCA6584, SA2150P, SD626, SD855, SDM429W, SDX55, Smart Display 200 Platform (APQ5053-AA), Snapdragon 1200 Wearable Platform, Snapdragon 429 Mobile Platform, Snapdragon 625 Mobile Platform, Snapdragon 626 Mobile Platform, Snapdragon 720G Mobile Platform, Snapdragon 820 Automotive Platform, Snapdragon 855 Mobile Platform, Snapdragon 855+/860 Mobile Platform (SM8150-AC), Snapdragon Auto 5G Modem-RF, Snapdragon X12 LTE Modem, Snapdragon X5 LTE Modem, Snapdragon XR1 Platform, Snapdragon Auto 4G Modem, SXR1120, Vision Intelligence 100 Platform (APQ8053-AA), Vision Intelligence 200 Platform (APQ8053-AC), Vision Intelligence 300 Platform, Vision Intelligence 400 Platform, WCD9330, WCD9360, WCN3620, QDU1010, QDX1010, QDX1011.
Per maggiori dettagli inerenti alla lista dei prodotti si rimanda al bollettino ufficiale del vendor, disponibile nella sezione Riferimenti.
Azioni di mitigazione
In linea con le dichiarazioni del vendor, si raccomanda di aggiornare i prodotti vulnerabili seguendo le indicazioni del bollettino di sicurezza riportato nella sezione Riferimenti.
Di seguito sono riportate le sole CVE relative alle vulnerabilità con gravità “alta” e “critica”:
Riferimenti
CVE
| CVE-ID | |||
|---|---|---|---|
| CVE-2025-27063 | CVE-2025-47320 | CVE-2025-47321 | CVE-2025-47322 |
| CVE-2025-47323 | CVE-2025-47350 | CVE-2025-47372 | CVE-2025-47382 |
| CVE-2025-47387 | |||
Change log
| Versione | Note | Data |
|---|---|---|
| 1.0 | Pubblicato il 02-12-2025 | 02/12/2025 |
Il presente articolo è un prodotto originale di csirt.gov.it, riproposto qui a solo scopo di aumentarne la visibilità. Può essere visualizzato in versione originale al seguente link
Ultimo aggiornamento
2 Dicembre 2025, 17:54