CVE-2025-47370

6.5 MEDIUM

📋 TL;DR

This vulnerability allows a remote attacker to cause a denial of service (DoS) by sending invalid Bluetooth Low Energy (LE) connection requests during a connectable scan. It affects devices with Qualcomm Bluetooth chipsets that are performing LE scans. The attack disrupts Bluetooth functionality temporarily but doesn't compromise data or allow code execution.

💻 Affected Systems

Products:
  • Qualcomm Bluetooth chipsets
Versions: Specific versions not publicly detailed; refer to Qualcomm November 2025 security bulletin
Operating Systems: Android, Linux-based IoT devices, embedded systems using Qualcomm Bluetooth
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects devices performing Bluetooth LE connectable scans. Devices not using LE scanning or with Bluetooth disabled are not vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Bluetooth radio failure that persists until the device is rebooted, disrupting all Bluetooth-dependent services including medical devices, payment systems, or industrial controls.

🟠 Likely Case: Temporary Bluetooth service disruption lasting seconds to minutes, causing dropped connections and requiring manual reconnection of paired devices.

🟢 If Mitigated: Minor service interruption with automatic recovery within seconds and minimal user impact.

🌐 Internet-Facing: LOW - Requires physical proximity (Bluetooth range) and specific timing during LE scans.
🏢 Internal Only: MEDIUM - Internal attackers with physical access could disrupt Bluetooth services in sensitive environments like hospitals or industrial facilities.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Requires attacker to be within Bluetooth range (typically <100m) and send malformed packets during specific scan windows. Timing is critical.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm November 2025 security bulletin for specific firmware versions

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2025-bulletin.html

Restart Required: Yes

Instructions:

1. Check with the device manufacturer for firmware updates.
2. Apply the Qualcomm-provided Bluetooth firmware patch.
3. Reboot the device.
4. Verify Bluetooth functionality.

🔧 Temporary Workarounds

Disable Bluetooth LE scanning (applies to: all platforms)

Prevents the vulnerable state by stopping connectable LE scans.

# Android: adb shell settings put global bluetooth_le_scan_mode 0
# Linux (BlueZ): stop any host-initiated controller scan
bluetoothctl scan off
# Linux (legacy hciconfig): noscan only disables BR/EDR page and inquiry scan; it does not stop LE scanning
hciconfig hci0 noscan

Reduce Bluetooth visibility (applies to: all platforms)

Set Bluetooth to non-discoverable mode to limit scan exposure.

# Android: adb shell settings put global bluetooth_discoverability 0
# Linux (BlueZ): turn off discoverability; the device stays connectable to already-paired peers
bluetoothctl discoverable off
# Linux (legacy hciconfig): keep page scan only (pscan); note that piscan would re-enable inquiry scan and make the device discoverable
hciconfig hci0 pscan

🧯 If You Can't Patch

  • Disable Bluetooth when not in use, especially in high-risk environments
  • Implement physical security controls to limit Bluetooth range access

🔍 How to Verify

Check if Vulnerable:

Check whether the device uses a Qualcomm Bluetooth controller and performs LE scans: on Linux, 'hciconfig -a' shows the controller's Manufacturer and HCI/LMP versions; on Android, check the Bluetooth settings.

Check Version:

# Linux: hciconfig -a does not print a "Firmware" line; check the manufacturer and HCI/LMP versions instead
hciconfig -a | grep -E 'Manufacturer|HCI Version|LMP Version'
# Android: list Bluetooth-related system properties
adb shell getprop | grep -i bluetooth

Verify Fix Applied:

Verify Bluetooth firmware version matches patched version from Qualcomm bulletin and test LE scanning functionality

📡 Detection & Monitoring

Log Indicators:

  • Bluetooth stack crashes
  • LE scan failures
  • Connection request errors in Bluetooth logs

Network Indicators:

  • Unusual Bluetooth LE connection attempts from unknown MAC addresses
  • Malformed Bluetooth packets

SIEM Query:

source="bluetooth_logs" AND ("LE scan failed" OR "connection request invalid")
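The SIEM query above is a plain string match. The following added example (it is not part of this page and not Qualcomm's code) applies the same two indicator strings offline to Bluetooth stack log lines and goes one step further: it groups invalid connection requests by peer address, flags any address that sends a burst of them within a short window, and reports an "LE scan failed" line that follows such a burst, which is the combination of network and log indicators listed above. The syslog-like line layout, the bluetoothd source name, the addresses and the timestamps are all constructed for the example; adjust the regex to the format your stack actually emits.

```python
"""Offline detector for the indicators on this page. All log lines below are
constructed samples, not captured output; the line format is an assumption."""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Indicator strings are the two from the page's SIEM query.
INDICATORS = ("LE scan failed", "connection request invalid")

# Assumed line layout: ISO timestamp, a fixed "bluetoothd:" tag, free-text message.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) bluetoothd: (?P<msg>.*)$"
)
ADDR_RE = re.compile(r"(?i)\b((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b")

# Constructed sample log (hypothetical peer addresses and timestamps).
SAMPLE_LOG = """\
2025-11-05T10:00:01 bluetoothd: LE scan started on hci0
2025-11-05T10:00:02 bluetoothd: connection request invalid from AA:BB:CC:11:22:33
2025-11-05T10:00:02 bluetoothd: connection request invalid from AA:BB:CC:11:22:33
2025-11-05T10:00:03 bluetoothd: connection request invalid from AA:BB:CC:11:22:33
2025-11-05T10:00:03 bluetoothd: LE scan failed (status 0x0c)
2025-11-05T10:00:30 bluetoothd: connection request invalid from DE:AD:BE:EF:00:01
2025-11-05T10:05:00 bluetoothd: LE scan started on hci0
"""


def parse(line):
    """Return (timestamp, message, peer address or None), or None for non-matching lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%S")
    msg = m.group("msg")
    addr = ADDR_RE.search(msg)
    return ts, msg, addr.group(1).upper() if addr else None


def matching_lines(log_text):
    """The SIEM query applied offline: lines containing either indicator string."""
    return [ln for ln in log_text.splitlines() if any(i in ln for i in INDICATORS)]


def burst_sources(log_text, threshold=3, window=timedelta(seconds=10)):
    """Peer addresses that sent at least `threshold` invalid connection requests
    inside any sliding `window`. One stray invalid request is ordinary radio
    noise; a tight burst from one address is the pattern worth alerting on."""
    events = defaultdict(list)
    for ln in log_text.splitlines():
        parsed = parse(ln)
        if parsed is None:
            continue
        ts, msg, addr = parsed
        if "connection request invalid" in msg and addr:
            events[addr].append(ts)
    flagged = {}
    for addr, times in events.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[addr] = end - start + 1  # burst size at first trigger
                break
    return flagged


def correlated_scan_failures(log_text, window=timedelta(seconds=10)):
    """(address, ISO timestamp) pairs where an 'LE scan failed' line appears
    within `window` after an invalid request from a flagged burst source.
    A burst followed by scan loss matches the DoS this CVE describes."""
    flagged = burst_sources(log_text, window=window)
    last_request = {}
    failures = []
    for ln in log_text.splitlines():
        parsed = parse(ln)
        if parsed is None:
            continue
        ts, msg, addr = parsed
        if "connection request invalid" in msg and addr in flagged:
            last_request[addr] = ts
        elif "LE scan failed" in msg:
            failures.append(ts)
    hits = []
    for addr, req_ts in last_request.items():
        for fail_ts in failures:
            if timedelta(0) <= fail_ts - req_ts <= window:
                hits.append((addr, fail_ts.isoformat()))
                break
    return hits


if __name__ == "__main__":
    print(len(matching_lines(SAMPLE_LOG)), "indicator lines")
    print("burst sources:", burst_sources(SAMPLE_LOG))
    print("scan failures after a burst:", correlated_scan_failures(SAMPLE_LOG))
```

The threshold and window are deliberately conservative defaults; in a hospital or factory floor with many legitimate LE peripherals, raise the threshold rather than the window so that a single chatty but benign device does not page an analyst.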

🔗 References
