CVE-2025-47327

Q: What is the severity of CVE-2025-47327?

CVE-2025-47327 has a CVSS score of 7.8 (HIGH). A memory corruption vulnerability in Qualcomm image encoding components allows attackers to execute arbitrary code or cause denial of service. This affects devices using Qualcomm chipsets with vulnerable image processing libraries. The vulnerability is triggered when processing specially crafted image data.

7.8 HIGH

📋 TL;DR

A memory corruption vulnerability in Qualcomm image encoding components allows attackers to execute arbitrary code or cause denial of service. This affects devices using Qualcomm chipsets with vulnerable image processing libraries. The vulnerability is triggered when processing specially crafted image data.

💻 Affected Systems

Products:

Qualcomm chipsets with image processing components

Versions: Specific versions listed in September 2025 Qualcomm security bulletin

Operating Systems: Android, Linux-based systems using Qualcomm chips

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with Qualcomm image encoding libraries enabled. Check Qualcomm bulletin for specific chipset models.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or persistent backdoor installation.

🟠

Likely Case

Application crash or denial of service affecting image processing functionality.

🟢

If Mitigated

Limited impact with proper memory protection mechanisms and exploit mitigations in place.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires specially crafted image data but no authentication. Memory corruption vulnerabilities can be challenging to exploit reliably.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in September 2025 Qualcomm security updates

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html

Restart Required: Yes

Instructions:

1. Check Qualcomm security bulletin for your specific chipset. 2. Obtain firmware/software updates from device manufacturer. 3. Apply patches following manufacturer instructions. 4. Reboot device to activate fixes.

🔧 Temporary Workarounds

Disable vulnerable image processing

all

Disable or restrict access to image encoding functionality if not required

Input validation for image data

all

Implement strict validation of image files before processing

🧯 If You Can't Patch

Network segmentation to isolate affected devices
Implement application allowlisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against Qualcomm security bulletin. Review system logs for image processing crashes.

Check Version:

Device-specific commands vary by manufacturer. Typically: 'getprop ro.build.fingerprint' (Android) or check firmware version in device settings.

Verify Fix Applied:

Verify firmware version has been updated to patched version. Test image processing functionality.

📡 Detection & Monitoring

Log Indicators:

Image processing service crashes
Memory access violation errors in system logs
Unexpected process termination

Network Indicators:

Unusual image file transfers to devices
Exploit traffic patterns if known

SIEM Query:

source="system_logs" AND ("segmentation fault" OR "access violation" OR "image encode")

📊 Metadata

CVE ID: CVE-2025-47327

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-416

EPSS Score: 0.02% exploit probability (5.2th percentile)

Published: September 24, 2025

Last Updated: September 25, 2025

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Aqt1000 Firmware by Qualcomm

Fastconnect 6200 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6800 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6420 Firmware by Qualcomm

Qca6430 Firmware by Qualcomm

Qcm5430 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcs5430 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Sc8380xp Firmware by Qualcomm

Snapdragon 7c\+ Gen 3 Compute Firmware by Qualcomm

Snapdragon 8c Compute Platform \(sc8180x Ad\) Firmware by Qualcomm

Snapdragon 8c Compute Platform \(sc8180xp Ad\) Firmware by Qualcomm

Snapdragon 8cx Compute Platform \(sc8180x Aa\) Firmware by Qualcomm

Snapdragon 8cx Compute Platform \(sc8180x Ab\) Firmware by Qualcomm

Snapdragon 8cx Compute Platform \(sc8180xp Ac\) Firmware by Qualcomm

Snapdragon 8cx Compute Platform \(sc8180xp Af\) Firmware by Qualcomm

Snapdragon 8cx Gen 2 5g Compute Platform \(sc8180x Ac\) Firmware by Qualcomm

Snapdragon 8cx Gen 2 5g Compute Platform \(sc8180x Af\) Firmware by Qualcomm

Snapdragon 8cx Gen 2 5g Compute Platform \(sc8180xp Aa\) Firmware by Qualcomm

Snapdragon 8cx Gen 2 5g Compute Platform \(sc8180xp Ab\) Firmware by Qualcomm

Snapdragon 8cx Gen 3 Compute Platform \(sc8280xp Ab\) Firmware by Qualcomm

Snapdragon 8cx Gen 3 Compute Platform \(sc8280xp Bb\) Firmware by Qualcomm

Video Collaboration Vc3 Platform Firmware by Qualcomm

Wcd9340 Firmware by Qualcomm

Wcd9341 Firmware by Qualcomm

Wcd9370 Firmware by Qualcomm

Wcd9375 Firmware by Qualcomm

Wcd9380 Firmware by Qualcomm

Wcd9385 Firmware by Qualcomm

Wsa8810 Firmware by Qualcomm

Wsa8815 Firmware by Qualcomm

Wsa8830 Firmware by Qualcomm

Wsa8835 Firmware by Qualcomm

Wsa8840 Firmware by Qualcomm

Wsa8845 Firmware by Qualcomm

Wsa8845h Firmware by Qualcomm