CVE-2025-59601 - Vulnerability Details

- Exposure of Sensitive Information Through Metadata in Powerline Communication Firmware

Description

Information Disclosure when resetting device to factory default settings through powerline interface allows unauthorized access to device configuration.

Published: 2026-06-01

Score: 6.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Qualcomm, Inc.

Snapdragon

unaffected

Version	Status	Constraints
`QCA7005`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:qualcomm:qca7005_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca7005:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:qualcomm:snapdragon_ar1_gen_1_platform_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:snapdragon_ar1_gen_1_platform:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:qualcomm:wsa8832_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8832:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Qualcomm

Snapdragon

95%

Version	Status	Scheme	Platform
`QCA7005`	affected	generic	['snapdragon_auto']

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00107.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2026-bulletin.html

History

Tue, 02 Jun 2026 18:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Qualcomm fastconnect 7800 Qualcomm fastconnect 7800 Firmware Qualcomm qca7005 Qualcomm qca7005 Firmware Qualcomm snapdragon Ar1 Gen 1 Platform Qualcomm snapdragon Ar1 Gen 1 Platform Firmware Qualcomm wcd9380 Qualcomm wcd9380 Firmware Qualcomm wcd9385 Qualcomm wcd9385 Firmware Qualcomm wsa8830 Qualcomm wsa8830 Firmware Qualcomm wsa8832 Qualcomm wsa8832 Firmware Qualcomm wsa8835 Qualcomm wsa8835 Firmware
CPEs		cpe:2.3:h:qualcomm:fastconnect_7800:-:::::::* cpe:2.3:h:qualcomm:qca7005:-:::::::* cpe:2.3:h:qualcomm:snapdragon_ar1_gen_1_platform:-:::::::* cpe:2.3:h:qualcomm:wcd9380:-:::::::* cpe:2.3:h:qualcomm:wcd9385:-:::::::* cpe:2.3:h:qualcomm:wsa8830:-:::::::* cpe:2.3:h:qualcomm:wsa8832:-:::::::* cpe:2.3:h:qualcomm:wsa8835:-:::::::* cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:::::::* cpe:2.3:o:qualcomm:qca7005_firmware:-:::::::* cpe:2.3:o:qualcomm:snapdragon_ar1_gen_1_platform_firmware:-:::::::* cpe:2.3:o:qualcomm:wcd9380_firmware:-:::::::* cpe:2.3:o:qualcomm:wcd9385_firmware:-:::::::* cpe:2.3:o:qualcomm:wsa8830_firmware:-:::::::* cpe:2.3:o:qualcomm:wsa8832_firmware:-:::::::* cpe:2.3:o:qualcomm:wsa8835_firmware:-:::::::*
Vendors & Products		Qualcomm fastconnect 7800 Qualcomm fastconnect 7800 Firmware Qualcomm qca7005 Qualcomm qca7005 Firmware Qualcomm snapdragon Ar1 Gen 1 Platform Qualcomm snapdragon Ar1 Gen 1 Platform Firmware Qualcomm wcd9380 Qualcomm wcd9380 Firmware Qualcomm wcd9385 Qualcomm wcd9385 Firmware Qualcomm wsa8830 Qualcomm wsa8830 Firmware Qualcomm wsa8832 Qualcomm wsa8832 Firmware Qualcomm wsa8835 Qualcomm wsa8835 Firmware

Tue, 02 Jun 2026 00:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 02 Jun 2026 00:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Qualcomm Qualcomm snapdragon
Vendors & Products		Qualcomm Qualcomm snapdragon

Mon, 01 Jun 2026 22:30:00 +0000

Type	Values Removed	Values Added
Description		Information Disclosure when resetting device to factory default settings through powerline interface allows unauthorized access to device configuration.
Title		Exposure of Sensitive Information Through Metadata in Powerline Communication Firmware
Weaknesses		CWE-1230
References		https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2026-bulletin.html
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}`

Subscriptions

Qualcomm Fastconnect 7800 Fastconnect 7800 Firmware Qca7005 Qca7005 Firmware Snapdragon Snapdragon Ar1 Gen 1 Platform Snapdragon Ar1 Gen 1 Platform Firmware Wcd9380 Wcd9380 Firmware Wcd9385 Wcd9385 Firmware Wsa8830 Wsa8830 Firmware Wsa8832 Wsa8832 Firmware Wsa8835 Wsa8835 Firmware

MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2026-06-01T22:05:23.166Z

Updated: 2026-06-01T23:48:28.597Z

Reserved: 2025-09-18T03:19:23.201Z

Link: CVE-2025-59601

Vulnrichment

Updated: 2026-06-01T23:48:25.521Z

NVD

Status : Analyzed

Published: 2026-06-01T23:16:15.477

Modified: 2026-06-02T18:00:59.050

Link: CVE-2025-59601

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-02T00:00:13Z

Weaknesses

CWE-1230

Tracking

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object