CVE-2025-59614— Out-of-bounds Write in Windows Compute
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-59614
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Out-of-bounds Write in Windows Compute
Source: NVD (National Vulnerability Database)
Vulnerability Description
Memory Corruption when sending random number generator command with insufficient output buffer size.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨界内存写
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Qualcomm, Inc. | Snapdragon | Cologne | - |
II. Public POCs for CVE-2025-59614
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-59614
请登录查看更多情报信息。
Same Patch Batch · Qualcomm, Inc. · 2026-06-01 · 22 CVEs total
| CVE-2026-25276 | 8.8 HIGH | Improper Validation of Array Index in Secure Processor |
| CVE-2026-25277 | 8.8 HIGH | Buffer Copy Without Checking Size of Input in Secure Processor |
| CVE-2026-24088 | 8.2 HIGH | Missing Authentication for Critical Function in Boot |
| CVE-2026-25260 | 7.8 HIGH | Time-of-check Time-of-use (TOCTOU) Race Condition in DSP Service |
| CVE-2026-25259 | 7.8 HIGH | Out-of-bounds Write in DSP Service |
| CVE-2026-25258 | 7.8 HIGH | Out-of-bounds Read in DSP Service |
| CVE-2025-59604 | 7.8 HIGH | NULL Pointer Dereference in SPS Applications |
| CVE-2025-59605 | 7.8 HIGH | Out-of-bounds Write in HLOS |
| CVE-2025-59606 | 7.8 HIGH | NULL Pointer Dereference in HLOS |
| CVE-2026-24087 | 7.2 HIGH | Improper Validation of Syntactic Correctness of Input in Kernel |
| CVE-2026-24085 | 7.2 HIGH | Stack-based Buffer Overflow in Display |
| CVE-2026-24089 | 7.2 HIGH | Improper Validation of Syntactic Correctness of Input in Kernel |
| CVE-2026-24091 | 7.2 HIGH | Improper Validation of Syntactic Correctness of Input in Display |
| CVE-2026-24092 | 7.2 HIGH | Improper Validation of Syntactic Correctness of Input in Display |
| CVE-2026-24090 | 7.1 HIGH | Missing Authentication for Critical Function in HLOS |
| CVE-2025-59613 | 6.7 MEDIUM | Stack-based Buffer Overflow in Windows Compute |
| CVE-2025-59612 | 6.7 MEDIUM | Stack-based Buffer Overflow in Windows Compute |
| CVE-2025-59611 | 6.7 MEDIUM | Out-of-bounds Write in Core Services |
| CVE-2025-59601 | 6.5 MEDIUM | Exposure of Sensitive Information Through Metadata in Powerline Communication Firmware |
| CVE-2025-59610 | 6.4 MEDIUM | Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Driver |
Showing top 20 of 22 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Snapdragon
- CVE-2026-25277
Buffer Copy Without Checking Size of Input in Secure Process - CVE-2026-25276
Improper Validation of Array Index in Secure Processor - CVE-2026-25260
Time-of-check Time-of-use (TOCTOU) Race Condition in DSP Ser - CVE-2026-25259
Out-of-bounds Write in DSP Service - CVE-2026-25258
Out-of-bounds Read in DSP Service
Same vendor: Qualcomm, Inc.
- CVE-2026-25277
Buffer Copy Without Checking Size of Input in Secure Process - CVE-2026-25276
Improper Validation of Array Index in Secure Processor - CVE-2026-25260
Time-of-check Time-of-use (TOCTOU) Race Condition in DSP Ser - CVE-2026-25259
Out-of-bounds Write in DSP Service - CVE-2026-25258
Out-of-bounds Read in DSP Service
Same weakness: CWE-787
V. Comments for CVE-2025-59614
No comments yet