CVE-2025-47320

Q: What is the severity of CVE-2025-47320?

CVE-2025-47320 has a CVSS score of 7.8 (HIGH). This vulnerability allows memory corruption during MFC channel configuration while playing music, potentially enabling arbitrary code execution. It affects devices with Qualcomm chipsets that use the vulnerable multimedia framework component. Attackers could exploit this to compromise device security.

7.8 HIGH

📋 TL;DR

This vulnerability allows memory corruption during MFC channel configuration while playing music, potentially enabling arbitrary code execution. It affects devices with Qualcomm chipsets that use the vulnerable multimedia framework component. Attackers could exploit this to compromise device security.

💻 Affected Systems

Products:

Qualcomm chipsets with MFC (Multimedia Framework Component)

Versions: Specific versions not detailed in reference; check Qualcomm advisory for exact affected chipsets

Operating Systems: Android, Linux-based systems using Qualcomm chipsets

Default Config Vulnerable: ⚠️ Yes

Notes: Requires music playback functionality to be triggered; affects devices with vulnerable Qualcomm multimedia components

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full device compromise, data theft, or persistent backdoor installation

🟠

Likely Case

Application crashes, denial of service, or limited code execution in media processing context

🟢

If Mitigated

Application crashes without code execution if memory protections are enabled

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires triggering music playback with malicious configuration; no public exploits known

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Qualcomm security bulletin for specific chipset firmware updates

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2025-bulletin.html

Restart Required: Yes

Instructions:

1. Check Qualcomm advisory for affected chipset list. 2. Contact device manufacturer for firmware update. 3. Apply firmware update. 4. Reboot device.

🔧 Temporary Workarounds

Disable music playback apps

all

Temporarily disable or restrict music/media playback applications

Restrict media file processing

all

Block processing of untrusted media files

🧯 If You Can't Patch

Network segmentation to isolate vulnerable devices
Implement application allowlisting to prevent unauthorized media apps

🔍 How to Verify

Check if Vulnerable:

Check device chipset model and firmware version against Qualcomm advisory

Check Version:

adb shell getprop ro.bootloader (Android) or check system firmware info

Verify Fix Applied:

Verify firmware version matches patched version from manufacturer

📡 Detection & Monitoring

Log Indicators:

Media framework crashes
Unexpected memory access errors in multimedia processes

Network Indicators:

Unusual media file transfers to devices

SIEM Query:

Process:media.* AND (EventID:1000 OR ExceptionCode:c0000005)

📊 Metadata

CVE ID: CVE-2025-47320

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-787

EPSS Score: 0.02% exploit probability (2.5th percentile)

Published: December 18, 2025

Last Updated: January 27, 2026

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2025-bulletin.html Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

9206 Lte Modem Firmware by Qualcomm

Apq8017 Firmware by Qualcomm

Aqt1000 Firmware by Qualcomm

Ar8031 Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

C V2x 9150 Firmware by Qualcomm

Csra6620 Firmware by Qualcomm

Csra6640 Firmware by Qualcomm

Csrb31024 Firmware by Qualcomm

Fastconnect 6200 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6800 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Flight Rb5 5g Platform Firmware by Qualcomm

Mdm9250 Firmware by Qualcomm

Mdm9628 Firmware by Qualcomm

Mdm9640 Firmware by Qualcomm

Msm8996au Firmware by Qualcomm

Qam8255p Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qam8650p Firmware by Qualcomm

Qam8775p Firmware by Qualcomm

Qamsrv1h Firmware by Qualcomm

Qamsrv1m Firmware by Qualcomm

Qca2066 Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6564 Firmware by Qualcomm

Qca6564a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584 Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6678aq Firmware by Qualcomm

Qca6688aq Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca6797aq Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qca9367 Firmware by Qualcomm

Qca9377 Firmware by Qualcomm

Qcc710 Firmware by Qualcomm

Qcm2290 Firmware by Qualcomm

Qcm5430 Firmware by Qualcomm

Qcm6125 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcm8550 Firmware by Qualcomm

Qcn6224 Firmware by Qualcomm

Qcn6274 Firmware by Qualcomm

Qcn9011 Firmware by Qualcomm

Qcn9012 Firmware by Qualcomm

Qcs2290 Firmware by Qualcomm

Qcs410 Firmware by Qualcomm

Qcs5430 Firmware by Qualcomm

Qcs610 Firmware by Qualcomm

Qcs6125 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qcs7230 Firmware by Qualcomm

Qcs8250 Firmware by Qualcomm

Qcs8550 Firmware by Qualcomm

Qep8111 Firmware by Qualcomm

Qfw7114 Firmware by Qualcomm

Qfw7124 Firmware by Qualcomm

Qrb5165m Firmware by Qualcomm

Qrb5165n Firmware by Qualcomm

Qualcomm 215 Mobile Platform Firmware by Qualcomm

Robotics Rb2 Platform Firmware by Qualcomm

Robotics Rb5 Platform Firmware by Qualcomm

Sa2150p Firmware by Qualcomm

Sa4150p Firmware by Qualcomm

Sa4155p Firmware by Qualcomm