Memory corruption when parsing GP command response in Windows
CVE-2025-27074 Published on November 4, 2025
Incorrect Calculation of Buffer Size in SCE-Mink
Memory corruption while processing a GP command response.
Vulnerability Analysis
CVE-2025-27074 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Incorrect Calculation of Buffer Size
The software does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.
Products Associated with CVE-2025-27074
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2025-27074 are published in these products:
Affected Versions
Qualcomm, Inc. Snapdragon:- Version APQ8064AU is affected.
- Version CSR8811 is affected.
- Version Immersive Home 214 Platform is affected.
- Version Immersive Home 216 Platform is affected.
- Version Immersive Home 316 Platform is affected.
- Version Immersive Home 318 Platform is affected.
- Version IPQ5010 is affected.
- Version IPQ5028 is affected.
- Version IPQ8070 is affected.
- Version IPQ8070A is affected.
- Version IPQ8071 is affected.
- Version IPQ8071A is affected.
- Version IPQ8072 is affected.
- Version IPQ8072A is affected.
- Version IPQ8074 is affected.
- Version IPQ8074A is affected.
- Version IPQ8076 is affected.
- Version IPQ8076A is affected.
- Version IPQ8078 is affected.
- Version IPQ8078A is affected.
- Version IPQ8173 is affected.
- Version IPQ8174 is affected.
- Version IPQ9008 is affected.
- Version IPQ9574 is affected.
- Version MDM9640 is affected.
- Version MDM9650 is affected.
- Version MSM8996AU is affected.
- Version PMP8074 is affected.
- Version QCA4024 is affected.
- Version QCA6174A is affected.
- Version QCA6234 is affected.
- Version QCA6310 is affected.
- Version QCA6320 is affected.
- Version QCA6428 is affected.
- Version QCA6438 is affected.
- Version QCA6564A is affected.
- Version QCA6564AU is affected.
- Version QCA6574 is affected.
- Version QCA6574A is affected.
- Version QCA6574AU is affected.
- Version QCA6584AU is affected.
- Version QCA6694 is affected.
- Version QCA8072 is affected.
- Version QCA8075 is affected.
- Version QCA8081 is affected.
- Version QCA9888 is affected.
- Version QCA9889 is affected.
- Version QCA9984 is affected.
- Version QCN5022 is affected.
- Version QCN5024 is affected.
- Version QCN5052 is affected.
- Version QCN5054 is affected.
- Version QCN5064 is affected.
- Version QCN5122 is affected.
- Version QCN5124 is affected.
- Version QCN5152 is affected.
- Version QCN5154 is affected.
- Version QCN5164 is affected.
- Version QCN5550 is affected.
- Version QCN6023 is affected.
- Version QCN6024 is affected.
- Version QCN6100 is affected.
- Version QCN6102 is affected.
- Version QCN6112 is affected.
- Version QCN6122 is affected.
- Version QCN6132 is affected.
- Version QCN9000 is affected.
- Version QCN9001 is affected.
- Version QCN9002 is affected.
- Version QCN9003 is affected.
- Version QCN9012 is affected.
- Version QCN9022 is affected.
- Version QCN9024 is affected.
- Version QCN9070 is affected.
- Version QCN9072 is affected.
- Version QCN9074 is affected.
- Version QCN9100 is affected.
- Version QCN9274 is affected.
- Version SD820 is affected.
- Version SD821 is affected.
- Version SDM429W is affected.
- Version SDX55 is affected.
- Version Snapdragon 429 Mobile Platform is affected.
- Version Snapdragon 820 Automotive Platform is affected.
- Version Snapdragon 820 Mobile Platform is affected.
- Version Snapdragon 821 Mobile Platform is affected.
- Version Snapdragon Wear 4100+ Platform is affected.
- Version WCD9335 is affected.
- Version WCN3610 is affected.
- Version WCN3620 is affected.
- Version WCN3660B is affected.
- Version WCN3680B is affected.
- Version WCN3980 is affected.
- Version WSA8810 is affected.
- Version WSA8815 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.