CVE-2025-59601: Qualcomm Fastconnect 7800 Info Disclosure

CVE-2025-59601 Overview

CVE-2025-59601 is an information disclosure vulnerability affecting multiple Qualcomm firmware components, including the QCA7005 powerline communications device. The flaw occurs when a device is reset to factory default settings through the powerline interface, exposing device configuration data to unauthorized parties on the adjacent network. The issue is classified under [CWE-1230: Exposure of Sensitive Information Through Metadata]. Qualcomm addressed the issue in its June 2026 security bulletin.

Critical Impact

An attacker with adjacent network access to the powerline interface can recover sensitive device configuration data during a factory reset, undermining the confidentiality guarantees of the reset operation.

Affected Products

• Qualcomm FastConnect 7800 Firmware
• Qualcomm QCA7005 Firmware (powerline communications)
• Qualcomm Snapdragon AR1 Gen 1 Platform, WCD9380, WCD9385, WSA8830, WSA8832, and WSA8835 Firmware

Discovery Timeline

• 2026-06-01 - CVE-2025-59601 published to the National Vulnerability Database
• 2026-06-02 - Last updated in NVD database

Technical Details for CVE-2025-59601

Vulnerability Analysis

The vulnerability is an information disclosure weakness tied to the factory reset workflow exposed over the powerline communications interface. When a user or administrator initiates a factory default reset through this interface, the device fails to adequately protect configuration data during the reset sequence. An attacker positioned on the same powerline segment can observe or query this data without authentication.

The weakness maps to [CWE-1230], which covers exposure of sensitive information through metadata. Affected Qualcomm chips and firmware are commonly integrated into networking, audio, and extended reality hardware that may use HomePlug-style powerline links for management or pairing operations.

No user interaction is required to trigger disclosure, and no privileges are needed on the target device. However, attack reach is restricted because the adversary must be connected to the same adjacent (powerline) network as the victim device.

Root Cause

The root cause is improper protection of device configuration data during the factory default reset sequence handled by the powerline interface stack. Configuration metadata that should be cleared, encrypted, or restricted before being transmitted or made queryable on the powerline link remains accessible to other nodes on that link.

Attack Vector

Exploitation requires adjacent network access through the powerline interface. An attacker connects a powerline-capable device to the same electrical network segment as the target. When the target is reset to factory defaults, the attacker captures or requests configuration data exposed during that operation. The disclosed data may include network identifiers, keys, or other settings useful for follow-on attacks against the device or the network it belongs to.

No verified proof-of-concept exploit is publicly available, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Refer to the Qualcomm Security Bulletin June 2026 for vendor-supplied technical context.

Detection Methods for CVE-2025-59601

Indicators of Compromise

• Unexpected factory reset events on powerline-attached Qualcomm devices, particularly those using the QCA7005 chipset.
• Unknown or unauthorized powerline nodes appearing on the management segment around the time of a reset event.
• Configuration drift on devices immediately after reset, such as altered network membership keys or pairing state.

Detection Strategies

• Inventory all devices that include affected Qualcomm firmware components and verify whether powerline management is enabled.
• Monitor device management logs for factory reset operations and correlate against authorized change windows.
• Where supported, enable powerline network membership key rotation and audit logs to identify unauthorized node associations.

Monitoring Recommendations

• Track firmware versions against the fixed versions listed in the Qualcomm Security Bulletin June 2026.
• Alert on any unexplained reset-to-defaults events for embedded devices in production environments.
• Review physical and electrical access controls for environments where powerline communications are in use.

How to Mitigate CVE-2025-59601

Immediate Actions Required

• Identify all assets running affected Qualcomm firmware, including FastConnect 7800, QCA7005, Snapdragon AR1 Gen 1, WCD9380/9385, and WSA8830/8832/8835 components.
• Apply the firmware updates referenced in the Qualcomm June 2026 security bulletin as soon as device vendors make them available.
• Restrict factory reset operations on powerline-connected devices to controlled maintenance windows with no untrusted nodes on the segment.

Patch Information

Qualcomm published fixes in the Qualcomm Security Bulletin June 2026. Because Qualcomm components are typically integrated by OEMs, end users must obtain updated firmware from their device manufacturer. Coordinate with hardware vendors to confirm patch availability and deployment paths for each affected SKU.

Workarounds

• Disable powerline management interfaces on affected devices where the functionality is not required.
• Segment powerline networks so that affected devices share segments only with trusted, authenticated nodes.
• Avoid performing factory resets over the powerline interface; use a wired or local administrative path until patched firmware is deployed.
• Rotate any keys, credentials, or network identifiers that may have been exposed during prior factory reset operations on affected devices.