CVE-2025-47362

Q: What is the severity of CVE-2025-47362?

CVE-2025-47362 has a CVSS score of 6.1 (MEDIUM). This vulnerability allows information disclosure when processing messages from clients with invalid payloads. It affects systems running Qualcomm software that processes client messages, potentially exposing sensitive data to attackers.

6.1 MEDIUM

Information Disclosure

📋 TL;DR

This vulnerability allows information disclosure when processing messages from clients with invalid payloads. It affects systems running Qualcomm software that processes client messages, potentially exposing sensitive data to attackers.

💻 Affected Systems

Products:

Qualcomm products with message processing components

Versions: Specific versions not detailed in reference; check Qualcomm November 2025 bulletin

Operating Systems: Android, embedded systems using Qualcomm chipsets

Default Config Vulnerable: ⚠️ Yes

Notes: Affects systems processing client messages; exact products/versions require checking Qualcomm advisory

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Sensitive information like memory contents, configuration data, or credentials could be leaked to an attacker, potentially enabling further attacks.

🟠

Likely Case

Limited information disclosure such as memory fragments or system state details that could aid attackers in reconnaissance.

🟢

If Mitigated

No information disclosure occurs; systems remain secure with proper input validation and access controls.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires sending specially crafted invalid payloads to trigger the information disclosure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Qualcomm November 2025 security bulletin for specific patched versions

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2025-bulletin.html

Restart Required: Yes

Instructions:

1. Review Qualcomm November 2025 security bulletin. 2. Identify affected products/versions. 3. Apply vendor-provided patches or firmware updates. 4. Restart affected systems.

🔧 Temporary Workarounds

Input Validation Enhancement

all

Implement strict input validation for client messages to reject invalid payloads before processing.

Network Segmentation

all

Restrict access to message processing services to trusted networks only.

🧯 If You Can't Patch

Isolate affected systems from untrusted networks
Monitor logs for unusual message patterns or information disclosure attempts

🔍 How to Verify

Check if Vulnerable:

Check system version against Qualcomm advisory; if running an affected version, assume vulnerable.

Check Version:

System-specific; for Android: 'getprop ro.build.version.security_patch' or check device firmware version

Verify Fix Applied:

Verify system version matches patched version from Qualcomm bulletin after update.

📡 Detection & Monitoring

Log Indicators:

Unexpected error messages during message processing
Log entries showing invalid payload handling

Network Indicators:

Unusual traffic patterns to message processing services
Repeated connection attempts with malformed data

SIEM Query:

source="*" ("invalid payload" OR "message processing error") AND dest_port="[service_port]"

📊 Metadata

CVE ID: CVE-2025-47362

CVSS v3 Score: 6.1 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

CWE: CWE-126

EPSS Score: 0.02% exploit probability (2.5th percentile)

Published: November 4, 2025

Last Updated: November 5, 2025

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2025-bulletin.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Msm8996au Firmware by Qualcomm

Qam8255p Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qam8620p Firmware by Qualcomm

Qam8650p Firmware by Qualcomm

Qam8775p Firmware by Qualcomm

Qamsrv1h Firmware by Qualcomm

Qamsrv1m Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6688aq Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca6797aq Firmware by Qualcomm

Qca8695au Firmware by Qualcomm

Sa6145p Firmware by Qualcomm

Sa6150p Firmware by Qualcomm

Sa6155p Firmware by Qualcomm

Sa7255p Firmware by Qualcomm

Sa7775p Firmware by Qualcomm

Sa8145p Firmware by Qualcomm

Sa8150p Firmware by Qualcomm

Sa8155p Firmware by Qualcomm

Sa8195p Firmware by Qualcomm

Sa8255p Firmware by Qualcomm

Sa8295p Firmware by Qualcomm

Sa8540p Firmware by Qualcomm

Sa8620p Firmware by Qualcomm

Sa8650p Firmware by Qualcomm

Sa8770p Firmware by Qualcomm

Sa8775p Firmware by Qualcomm

Sa9000p Firmware by Qualcomm

Snapdragon 820 Automotive Platform Firmware by Qualcomm

Srv1h Firmware by Qualcomm

Srv1l Firmware by Qualcomm

Srv1m Firmware by Qualcomm