7.2
CVE-2025-47383 - Missing Cryptographic Step in Data Modem
Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE.
7.8
CVE-2025-47381 - Use After Free in Automotive Audio
Memory Corruption while processing IOCTL calls when concurrent access to shared buffer occurs.
7.8
CVE-2025-47379 - Use After Free in Automotive Audio
Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources.
7.1
CVE-2025-47378 - Exposure of Sensitive System Information to an Unauthorized Control Sphere in HLOS
Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain.
7.8
CVE-2025-47377 - Use After Free in Automotive Audio
Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls.
7.8
CVE-2025-47376 - Use After Free in Automotive Audio
Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls.
7.8
CVE-2025-47375 - Use After Free in Automotive Audio
Memory corruption while handling different IOCTL calls from the user-space simultaneously.
7.8
CVE-2025-47373 - Out-of-bounds Write in Automotive
Memory Corruption when accessing buffers with invalid length during TA invocation.
6.5
CVE-2025-47371 - Reachable Assertion in Modem
Transient DOS when an LTE RLC packet with invalid TB is received by UE.
7.1
CVE-2025-64427 - ZimaOS is vulnerable to Server-Side Request Forgery (SSRF)
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.0 and prior, due to insufficient validation or restriction of target URLs, an authenticated local user can craft requests that target internal IP addresses (e.g., 127.0.0.1, localhost, or pโฆ