softwarebay.de
Critical Security Vulnerability Discovered in Qualcomm Chips

A newly discovered security vulnerability in Qualcomm processors poses a significant threat to Android users. Security researchers from Kaspersky ICS CERT warn that, in the worst-case scenario, attackers could take complete control of affected devices and access sensitive data. The vulnerability is registered under the identifier CVE-2026-25262 and affects several chip series used in a variety of Android devices. The flaw resides in the BootROM of certain Qualcomm chips, firmware that is hardwired into the chip itself. Because this firmware runs before the operating system starts, the vulnerability is particularly critical.

Qualcomm was informed of the issue in March 2025 and confirmed the existence of the vulnerability in April 2025. The affected chip series include MDM9x07, MDM9x45, MDM9x65, MSM8909, MSM8916, MSM8952, and SDX50. Security researchers point out that other chips may also be vulnerable. The exact number of affected devices is currently unknown, but millions of Android users are potentially at risk.

A central element of the investigation is the Sahara protocol, which is used when devices switch to Emergency Download Mode (EDL). In this specific maintenance mode, a computer can transfer software to the device before the operating system starts. Attackers with physical access to a device could bypass security mechanisms such as the Secure Boot Chain and embed malware deep within the system. The possibilities for attackers are extensive once a device is compromised. They could access stored files and contacts, read passwords and location data, and activate the camera and microphone. Complete takeover of the device is also possible, significantly increasing the dangers for users and businesses.

Particularly concerning is that such attacks do not only affect end users. Devices could also be manipulated in the supply chain, such as during transport or repairs. Security researchers warn that the risks in these areas are often underestimated. A simple restart of the device does not provide reliable protection against the installed malware. According to Kaspersky, this malware can be embedded so deeply in the system that it is difficult to detect or remove. Compromised devices could even fake a restart, further complicating the detection of attacks.

To minimize risk, security researchers recommend having devices repaired only at trusted locations and avoiding leaving smartphones or tablets unattended. Users should also control access to their devices, especially during transport or repair. The vulnerability CVE-2026-25262 affects a wide range of devices and could have far-reaching consequences. Qualcomm has announced that it is working on an update to address the vulnerability, but a specific release date for the update is still pending.

Tags: Security Android Qualcomm CVE-2026-25262 Kaspersky
