CVE-2026-25293 CRITICAL

CVE-2026-25293: Incorrect authorization in PLC FW

Vendor Qualcomm, Inc.
Product Snapdragon
Weakness CWE-863 · Incorrect authorization
Published May 4, 2026
Last update May 5, 2026
View on NVD All CVEs

CVSS base score

9.6/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Buffer overflow due to incorrect authorization in PLC FW

Key dates

02Disclosure timeline

May 4, 2026 CVE published
May 5, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-9376 Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection <= 11.58 - Insufficient Authorization to Unauthenticated Blocklist Bypass CVE-2026-28473 OpenClaw < 2026.2.2 - Authorization Bypass via /approve Chat Command CVE-2020-24401 Incorrect permissions following the deletion of a user role or deactivation of a user CVE-2024-45128 Adobe Commerce | Incorrect Authorization (CWE-863) CVE-2026-41470 LIVE555 < 2026.04.22 RTSP Server Authorization Bypass via Session Token