CVE-2025-47318
📋 TL;DR
This vulnerability allows attackers to cause a denial of service (DoS) condition by sending specially crafted EPTM test control messages. It affects systems using Qualcomm components that process these messages, potentially impacting device availability and stability.
💻 Affected Systems
- Qualcomm chipsets and components with EPTM functionality
📦 What is this software?
Flight Rb5 5g Platform Firmware by Qualcomm
Immersive Home 214 Platform Firmware by Qualcomm
View all CVEs affecting Immersive Home 214 Platform Firmware →
Immersive Home 216 Platform Firmware by Qualcomm
View all CVEs affecting Immersive Home 216 Platform Firmware →
Immersive Home 316 Platform Firmware by Qualcomm
View all CVEs affecting Immersive Home 316 Platform Firmware →
Immersive Home 318 Platform Firmware by Qualcomm
View all CVEs affecting Immersive Home 318 Platform Firmware →
S3 Gen 2 Sound Platform Firmware by Qualcomm
S5 Gen 2 Sound Platform Firmware by Qualcomm
Smart Audio 400 Platform Firmware by Qualcomm
Snapdragon 778g 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 778g 5g Mobile Platform Firmware →
Snapdragon 778g\+ 5g Mobile Platform \(sm7325 Ae\) Firmware by Qualcomm
View all CVEs affecting Snapdragon 778g\+ 5g Mobile Platform \(sm7325 Ae\) Firmware →
Snapdragon 782g Mobile Platform \(sm7325 Af\) Firmware by Qualcomm
View all CVEs affecting Snapdragon 782g Mobile Platform \(sm7325 Af\) Firmware →
Snapdragon 7c\+ Gen 3 Compute Firmware by Qualcomm
View all CVEs affecting Snapdragon 7c\+ Gen 3 Compute Firmware →
Snapdragon 8 Gen 1 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 8 Gen 1 Mobile Platform Firmware →
Snapdragon 8 Gen 2 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 8 Gen 2 Mobile Platform Firmware →
Snapdragon 8 Gen 2 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 8 Gen 2 Mobile Platform Firmware →
Snapdragon 820 Automotive Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 820 Automotive Platform Firmware →
Snapdragon 865 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 865 5g Mobile Platform Firmware →
Snapdragon 865\+ 5g Mobile Platform \(sm8250 Ab\) Firmware by Qualcomm
View all CVEs affecting Snapdragon 865\+ 5g Mobile Platform \(sm8250 Ab\) Firmware →
Snapdragon 870 5g Mobile Platform \(sm8250 Ac\) Firmware by Qualcomm
View all CVEs affecting Snapdragon 870 5g Mobile Platform \(sm8250 Ac\) Firmware →
Snapdragon 888 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 888 5g Mobile Platform Firmware →
Snapdragon 888\+ 5g Mobile Platform \(sm8350 Ac\) Firmware by Qualcomm
View all CVEs affecting Snapdragon 888\+ 5g Mobile Platform \(sm8350 Ac\) Firmware →
Snapdragon 8c Compute Platform \(sc8180x Ad\) Firmware by Qualcomm
View all CVEs affecting Snapdragon 8c Compute Platform \(sc8180x Ad\) Firmware →
Snapdragon 8cx Compute Platform \(sc8180x Aa\) Firmware by Qualcomm
View all CVEs affecting Snapdragon 8cx Compute Platform \(sc8180x Aa\) Firmware →
Snapdragon 8cx Compute Platform \(sc8180x Ab\) Firmware by Qualcomm
View all CVEs affecting Snapdragon 8cx Compute Platform \(sc8180x Ab\) Firmware →
Snapdragon 8cx Gen 2 5g Compute Platform \(sc8180x Ac\) Firmware by Qualcomm
View all CVEs affecting Snapdragon 8cx Gen 2 5g Compute Platform \(sc8180x Ac\) Firmware →
Snapdragon 8cx Gen 2 5g Compute Platform \(sc8180x Af\) Firmware by Qualcomm
View all CVEs affecting Snapdragon 8cx Gen 2 5g Compute Platform \(sc8180x Af\) Firmware →
Snapdragon 8cx Gen 3 Compute Platform \(sc8280xp Ab\) Firmware by Qualcomm
View all CVEs affecting Snapdragon 8cx Gen 3 Compute Platform \(sc8280xp Ab\) Firmware →
Snapdragon 8cx Gen 3 Compute Platform \(sc8280xp Bb\) Firmware by Qualcomm
View all CVEs affecting Snapdragon 8cx Gen 3 Compute Platform \(sc8280xp Bb\) Firmware →
Snapdragon Ar1 Gen 1 Platform \"luna1\" Firmware by Qualcomm
View all CVEs affecting Snapdragon Ar1 Gen 1 Platform \"luna1\" Firmware →
Snapdragon Ar1 Gen 1 Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon Ar1 Gen 1 Platform Firmware →
Snapdragon Ar2 Gen 1 Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon Ar2 Gen 1 Platform Firmware →
Snapdragon Auto 4g Modem Firmware by Qualcomm
Snapdragon Auto 5g Modem Rf Firmware by Qualcomm
View all CVEs affecting Snapdragon Auto 5g Modem Rf Firmware →
Snapdragon Auto 5g Modem Rf Gen 2 Firmware by Qualcomm
View all CVEs affecting Snapdragon Auto 5g Modem Rf Gen 2 Firmware →
Snapdragon W5\+ Gen 1 Wearable Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon W5\+ Gen 1 Wearable Platform Firmware →
Snapdragon X5 Lte Modem Firmware by Qualcomm
Snapdragon X55 5g Modem Rf System Firmware by Qualcomm
View all CVEs affecting Snapdragon X55 5g Modem Rf System Firmware →
Snapdragon X65 5g Modem Rf System Firmware by Qualcomm
View all CVEs affecting Snapdragon X65 5g Modem Rf System Firmware →
Snapdragon X72 5g Modem Rf System Firmware by Qualcomm
View all CVEs affecting Snapdragon X72 5g Modem Rf System Firmware →
Snapdragon X75 5g Modem Rf System Firmware by Qualcomm
View all CVEs affecting Snapdragon X75 5g Modem Rf System Firmware →
Snapdragon Xr2 5g Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon Xr2 5g Platform Firmware →
Snapdragon Xr2\+ Gen 1 Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon Xr2\+ Gen 1 Platform Firmware →
Video Collaboration Vc1 Platform Firmware by Qualcomm
View all CVEs affecting Video Collaboration Vc1 Platform Firmware →
⚠️ Risk & Real-World Impact
Worst Case
Complete system crash or reboot, rendering the device unusable until manually restarted, potentially affecting critical operations.
Likely Case
Temporary service disruption or performance degradation affecting specific functions that rely on the vulnerable component.
If Mitigated
Minimal impact with proper network segmentation and input validation controls in place.
🎯 Exploit Status
Based on CWE-126 (Buffer Over-read), exploitation likely involves sending malformed messages to trigger the vulnerability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Qualcomm September 2025 security bulletin for specific patched versions.
Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html
Restart Required: Yes
Instructions:
1. Review Qualcomm September 2025 security bulletin. 2. Identify affected components in your devices. 3. Apply firmware/software updates from device manufacturers. 4. Reboot affected systems after patching.
🔧 Temporary Workarounds
Network Segmentation
allRestrict access to services that process EPTM messages to trusted networks only.
Input Validation
allImplement additional validation for EPTM test control messages at application layer if possible.
🧯 If You Can't Patch
- Implement strict network access controls to limit exposure of vulnerable services.
- Monitor systems for unusual crash or restart patterns that might indicate exploitation attempts.
🔍 How to Verify
Check if Vulnerable:
Check device firmware/software version against Qualcomm's advisory; systems using affected Qualcomm components without September 2025 patches are vulnerable.Check Version:
Device-specific; typically 'cat /proc/version' or manufacturer-specific commands for Android/embedded systems.Verify Fix Applied:
Verify that firmware/software version matches or exceeds the patched version listed in Qualcomm's bulletin.📡 Detection & Monitoring
Log Indicators:
- Unexpected system crashes
- Kernel panic logs
- Service restart patterns related to message processing
Network Indicators:
- Unusual inbound traffic to ports/services handling EPTM messages
- Patterns of malformed network packets
SIEM Query:
source="system_logs" AND (event_type="crash" OR event_type="panic") AND process_name contains "eptm"