CVE-2025-47343

7.8 HIGH

📋 TL;DR

This CVE describes a memory corruption vulnerability in Qualcomm video processing components that could allow attackers to execute arbitrary code or cause denial of service. The vulnerability affects devices using Qualcomm chipsets with vulnerable video processing firmware. Attackers could potentially exploit this by sending specially crafted video parameters to trigger the memory corruption.

💻 Affected Systems

Products:
  • Qualcomm chipsets with video processing capabilities
Versions: Specific versions not detailed in reference; check Qualcomm advisory for affected chipset models and firmware versions.
Operating Systems: Android, Linux-based systems using Qualcomm chipsets
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with Qualcomm video processing components enabled. Mobile devices, IoT devices, and embedded systems using affected Qualcomm chipsets are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, or persistent backdoor installation on affected devices.

🟠 Likely Case

Application crash or denial of service affecting video functionality, potentially requiring device restart.

🟢 If Mitigated

Limited impact with proper memory protection mechanisms and exploit mitigations in place.

🌐 Internet-Facing: MEDIUM - Requires video session initiation which may be possible through web-based video applications.
🏢 Internal Only: MEDIUM - Could be exploited through internal applications or services using video processing.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to initiate video sessions and send crafted parameters. Memory corruption vulnerabilities typically require specific conditions to achieve reliable exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Qualcomm security bulletin for specific firmware versions

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html

Restart Required: Yes

Instructions:

1. Check Qualcomm security bulletin for affected chipset models.
2. Contact device manufacturer for firmware updates.
3. Apply firmware updates provided by device OEM.
4. Reboot device after update installation.

🔧 Temporary Workarounds

Disable vulnerable video components

Platform: all

Temporarily disable or restrict access to video processing features if not required

# System-specific commands would depend on device configuration

Network segmentation

Platform: all

Isolate devices with vulnerable components from untrusted networks

🧯 If You Can't Patch

  • Implement strict network controls to limit video session initiation from untrusted sources
  • Monitor for abnormal video processing behavior or crashes in system logs

🔍 How to Verify

Check if Vulnerable:

Check device chipset model and firmware version against Qualcomm's affected products list

Check Version:

# Android: getprop ro.bootloader or check Settings > About phone
# Linux-based: Check /proc/cpuinfo and firmware version

Verify Fix Applied:

Verify firmware version has been updated to patched version specified in Qualcomm advisory

📡 Detection & Monitoring

Log Indicators:

  • Video processing service crashes
  • Memory corruption errors in system logs
  • Abnormal video session termination

Network Indicators:

  • Unusual video session initiation patterns
  • Multiple failed video parameter negotiations

SIEM Query:

source="system_logs" AND ("video" OR "memory corruption" OR "segfault") AND process="video_processor"
