Summary
| Parameter | Value |
|---|---|
| CVE ID | CVE-2026-25293 |
| Alert Source | GitHub Advisory - Critical Vulnerability |
| CVE Publication Year | 2026 |
| Date Published | 2026-05-04 |
| Vendor | Qualcomm |
| Product | PLC Firmware |
| CVSS Score | 9.6 (critical) |
| EPSS Score | No data |
| CISA KEV | No |
| Ransomware | Not confirmed |
Vulnerability Description
A buffer overflow caused by incorrect authorization in Qualcomm PLC (Power Line Communication) firmware. The attack vector is the adjacent network; exploitation requires no privileges or user interaction and has a high impact on confidentiality, integrity and availability. Details about specific affected models and firmware versions are available in the Qualcomm security bulletin.
Required Actions
Update Qualcomm PLC firmware to the version containing the security fix as listed in the vendor bulletin. Identify devices in your infrastructure that use Qualcomm Powerline chipsets (e.g. HomePlug AV adapters, smart home devices) and coordinate the update schedule with the hardware supplier. Until patches are deployed, restrict access to network segments where vulnerable devices operate.
Who Is Affected?
This vulnerability affects products running Qualcomm PLC firmware. Check the Qualcomm bulletin for the specific chipset models and the OEM hardware built on them, then verify whether your infrastructure runs vulnerable firmware versions.
