Several vulnerabilities were identified in Qualcomm's latest security update for March 2025 that impacted many products, including automotive systems, mobile chipsets, and networking devices. There are several critical security issues in this security bulletin, including memory corruption risks and input validation flaws that could pose a significant security risk if exploited to compromise the system.
The Qualcomm Security Updates are intended to improve the security of Qualcomm's technology ecosystem as well as strengthen its protection against possible cyber threats. There had been multiple security vulnerabilities identified and resolved by Qualcomm and MediaTek over the last few weeks, some of which had already been addressed by their respective Android updates, which were deployed in the previous weeks.
Qualcomm released the March 2025 Security Bulletin, which outlined 14 vulnerabilities, all of which were addressed via upstream updates to its proprietary software, highlighting the serious potential risks associated with these security vulnerabilities. These security flaws are most of the time classified as critical or high severity, highlighting the seriousness of the threat they pose to users.
Several of the vulnerabilities identified by Qualcomm include memory corruption, affecting Qualcomm's automotive software platform based on the QNX operating system.
Qualcomm has also released patches to resolve five high-severity vulnerabilities, which could result in information disclosures, denial-of-service (DoS) attacks, and memory corruption as a result.
Furthermore, two moderate-severity flaws have been addressed as part of the latest security updates launched by the semiconductor manufacturer.
The semiconductor manufacturer has also resolved seven high-severity defects and six medium-severe defects within open-source components launched by the manufacturer.
As a result of these security patches, Qualcomm emphasized that OEMs (original equipment manufacturers) are being actively notified of the updates and urged them to implement the fixes on deployed devices as soon as possible.
It is noteworthy that Google's March 2025 Android security update addressed three of the identified vulnerabilities: CVE-2024-43051, CVE-2025-53011, and CVE-2024-53025.
It has been revealed that MediaTek has discovered ten security vulnerabilities that impact multiple chipsets. As part of the release of the company's fixes, three high-severity issues have been found, including a memory corruption flaw in modems, which can lead to DoS attacks, as well as an out-of-bounds write vulnerability in KeyInstall and WLAN, which can lead to escalation of privileges.
This security bulletin from Qualcomm not only addresses vulnerabilities identified in proprietary software, but also vulnerabilities in open-source components that Qualcomm's products are integrated with. There are several security flaws affecting Android operating systems, camera drivers, and multimedia frameworks, among others.
Qualcomm intends to mitigate the potential risks of these vulnerabilities by informing its customers and partners and strongly urging that patches be deployed as soon as possible to mitigate these risks.
Users of Qualcomm-powered devices should check with their device manufacturers to learn about the availability of security updates and patches for those devices.
During the last few months, Qualcomm has released a series of security updates demonstrating its commitment to increasing cybersecurity across all its product lines. By addressing critical vulnerabilities and working closely with original equipment manufacturers (OEMs) to facilitate timely patch deployments, the company aims to decrease security risks and enhance the integrity of its systems.
As the threat of cyber-attacks continues to evolve, maintaining robust security measures through regular updates is imperative. According to Qualcomm, their users are encouraged to stay informed about security developments and to ensure they get the latest patches installed on their devices to prevent any possible exploitation of the vulnerabilities. In addition, organizations that are utilizing Snapdragon-powered systems are also encouraged to make sure that these updates are implemented promptly as a means of ensuring that their technology infrastructure is secure and reliable.
