CVE-2025-47346

Q: What is the severity of CVE-2025-47346?

CVE-2025-47346 has a CVSS score of 7.8 (HIGH). This vulnerability involves memory corruption in the trusted application's secure logging command processing, which could allow attackers to execute arbitrary code or cause denial of service. It affects systems using Qualcomm chipsets with vulnerable trusted applications, primarily impacting mobile devices and embedded systems.

7.8 HIGH

📋 TL;DR

This vulnerability involves memory corruption in the trusted application's secure logging command processing, which could allow attackers to execute arbitrary code or cause denial of service. It affects systems using Qualcomm chipsets with vulnerable trusted applications, primarily impacting mobile devices and embedded systems.

💻 Affected Systems

Products:

Qualcomm chipsets with vulnerable trusted applications

Versions: Specific versions not publicly detailed in the reference

Operating Systems: Android and other embedded OS using Qualcomm chips

Default Config Vulnerable: ⚠️ Yes

Notes: Requires access to trusted application interfaces; typically requires local access or malicious app installation

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the trusted execution environment, allowing persistent malware installation, credential theft, and device takeover.

🟠

Likely Case

Application crashes, denial of service, or limited information disclosure from the trusted environment.

🟢

If Mitigated

Isolated crashes in trusted applications without affecting the main operating system.

🌐 Internet-Facing: LOW

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Exploitation requires understanding of trusted application memory layout and secure logging mechanisms

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm January 2026 security bulletin

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates. 2. Apply Qualcomm-provided patches through OEM updates. 3. Reboot device after update installation.

🔧 Temporary Workarounds

Disable unnecessary trusted applications

all

Reduce attack surface by disabling non-essential trusted applications

Restrict trusted application access

all

Implement strict access controls to trusted application interfaces

🧯 If You Can't Patch

Isolate affected devices from critical networks
Implement application allowlisting to prevent malicious app installation

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against Qualcomm security bulletin; examine trusted application logs for corruption indicators

Check Version:

Device-specific commands vary by manufacturer; typically in Settings > About Phone > Build Number

Verify Fix Applied:

Verify firmware version has been updated to patched version; test secure logging functionality

📡 Detection & Monitoring

Log Indicators:

Trusted application crashes
Secure logging failures
Memory access violations in trusted environment

Network Indicators:

Unusual trusted application communication patterns

SIEM Query:

Search for trusted application crash events or secure logging failures in device logs

📊 Metadata

CVE ID: CVE-2025-47346

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-787

EPSS Score: 0.02% exploit probability (2.5th percentile)

Published: January 7, 2026

Last Updated: January 27, 2026

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Ar8035 Firmware by Qualcomm

Fastconnect 6200 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Qam8255p Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qam8620p Firmware by Qualcomm

Qam8650p Firmware by Qualcomm

Qam8775p Firmware by Qualcomm

Qamsrv1h Firmware by Qualcomm

Qamsrv1m Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6678aq Firmware by Qualcomm

Qca6688aq Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca6797aq Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qcc710 Firmware by Qualcomm

Qcm5430 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcn6224 Firmware by Qualcomm

Qcn6274 Firmware by Qualcomm

Qcs5430 Firmware by Qualcomm

Qcs615 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qcs9100 Firmware by Qualcomm

Qep8111 Firmware by Qualcomm

Qfw7114 Firmware by Qualcomm

Qfw7124 Firmware by Qualcomm

Qmp1000 Firmware by Qualcomm

Sa6145p Firmware by Qualcomm

Sa6150p Firmware by Qualcomm

Sa6155p Firmware by Qualcomm

Sa7255p Firmware by Qualcomm

Sa7775p Firmware by Qualcomm

Sa8145p Firmware by Qualcomm

Sa8150p Firmware by Qualcomm

Sa8155p Firmware by Qualcomm

Sa8195p Firmware by Qualcomm

Sa8255p Firmware by Qualcomm

Sa8295p Firmware by Qualcomm

Sa8540p Firmware by Qualcomm

Sa8620p Firmware by Qualcomm

Sa8650p Firmware by Qualcomm

Sa8770p Firmware by Qualcomm

Sa8775p Firmware by Qualcomm

Sa9000p Firmware by Qualcomm

Sc8380xp Firmware by Qualcomm

Sm4635 Firmware by Qualcomm

Sm6475 Firmware by Qualcomm

Sm6650 Firmware by Qualcomm

Sm6650p Firmware by Qualcomm

Sm7435 Firmware by Qualcomm

Sm7635 Firmware by Qualcomm

Sm7635p Firmware by Qualcomm

Sm7675 Firmware by Qualcomm

Sm7675p Firmware by Qualcomm

Sm8635 Firmware by Qualcomm

Sm8635p Firmware by Qualcomm

Sm8650q Firmware by Qualcomm

Sm8735 Firmware by Qualcomm

Sm8750 Firmware by Qualcomm

Sm8750p Firmware by Qualcomm

Snapdragon 4 Gen 2 Mobile Platform Firmware by Qualcomm

Snapdragon 6 Gen 1 Mobile Platform Firmware by Qualcomm

Snapdragon 8 Gen 3 Mobile Platform Firmware by Qualcomm

Snapdragon Ar1 Gen 1 Platform \"luna1\" Firmware by Qualcomm

Snapdragon Ar1 Gen 1 Platform Firmware by Qualcomm