CVE-2025-47365

Q: What is the severity of CVE-2025-47365?

CVE-2025-47365 has a CVSS score of 7.8 (HIGH). This vulnerability allows remote attackers to cause memory corruption by sending large input data through a communication interface. It affects systems using Qualcomm components that process untrusted input from network sources. Successful exploitation could lead to denial of service or arbitrary code execution.

7.8 HIGH

Denial of Service

📋 TL;DR

This vulnerability allows remote attackers to cause memory corruption by sending large input data through a communication interface. It affects systems using Qualcomm components that process untrusted input from network sources. Successful exploitation could lead to denial of service or arbitrary code execution.

💻 Affected Systems

Products:

Qualcomm chipsets and components

Versions: Specific versions not detailed in reference; check Qualcomm advisory for affected products.

Operating Systems: Android, embedded systems using Qualcomm components

Default Config Vulnerable: ⚠️ Yes

Notes: Affects systems with Qualcomm hardware that process network data; exact product list requires checking vendor advisory.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise and potential lateral movement within the network.

🟠

Likely Case

Denial of service causing system crashes or instability when processing malicious input.

🟢

If Mitigated

Limited impact with proper input validation and memory protection mechanisms in place.

🌐 Internet-Facing: HIGH - Remote exploitation possible via communication interfaces exposed to untrusted networks.

🏢 Internal Only: MEDIUM - Requires network access but could be exploited internally via lateral movement.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires crafting specific large input data but no authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Qualcomm November 2025 security bulletin for specific patches

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2025-bulletin.html

Restart Required: Yes

Instructions:

1. Review Qualcomm November 2025 security bulletin. 2. Identify affected components in your system. 3. Apply firmware/software updates from device manufacturer. 4. Reboot affected systems.

🔧 Temporary Workarounds

Input validation and size limits

all

Implement strict input validation and size limits on communication interfaces

Network segmentation

all

Restrict network access to affected communication interfaces

🧯 If You Can't Patch

Implement strict network filtering and firewall rules to limit access to vulnerable interfaces
Deploy intrusion detection systems to monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check system firmware/software versions against Qualcomm advisory; systems using affected Qualcomm components are vulnerable.

Check Version:

System-specific commands vary; check device manufacturer documentation for version checking.

Verify Fix Applied:

Verify firmware/software has been updated to versions listed in Qualcomm security bulletin as patched.

📡 Detection & Monitoring

Log Indicators:

System crashes, memory allocation errors, abnormal process termination related to communication interfaces

Network Indicators:

Unusually large data packets sent to communication interfaces, repeated connection attempts with malformed data

SIEM Query:

source="network_logs" AND (packet_size>threshold OR pattern="malformed_input")

📊 Metadata

CVE ID: CVE-2025-47365

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-190

EPSS Score: 0.02% exploit probability (3.5th percentile)

Published: November 4, 2025

Last Updated: November 5, 2025

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2025-bulletin.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Qam8255p Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qam8620p Firmware by Qualcomm

Qam8650p Firmware by Qualcomm

Qam8775p Firmware by Qualcomm

Qamsrv1h Firmware by Qualcomm

Qamsrv1m Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6688aq Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca6797aq Firmware by Qualcomm

Qca8695au Firmware by Qualcomm

Sa6145p Firmware by Qualcomm

Sa6150p Firmware by Qualcomm

Sa6155p Firmware by Qualcomm

Sa7255p Firmware by Qualcomm

Sa7775p Firmware by Qualcomm

Sa8145p Firmware by Qualcomm

Sa8150p Firmware by Qualcomm

Sa8155p Firmware by Qualcomm

Sa8195p Firmware by Qualcomm

Sa8255p Firmware by Qualcomm

Sa8295p Firmware by Qualcomm

Sa8540p Firmware by Qualcomm

Sa8620p Firmware by Qualcomm

Sa8650p Firmware by Qualcomm

Sa8770p Firmware by Qualcomm

Sa8775p Firmware by Qualcomm

Sa9000p Firmware by Qualcomm

Srv1h Firmware by Qualcomm

Srv1l Firmware by Qualcomm

Srv1m Firmware by Qualcomm