CVE-2025-47387

Q: What is the severity of CVE-2025-47387?

CVE-2025-47387 has a CVSS score of 7.8 (HIGH). This vulnerability allows memory corruption when processing JPEG data through IOCTL calls without proper validation. Attackers could potentially execute arbitrary code or cause denial of service. This affects systems using Qualcomm components that handle JPEG processing.

7.8 HIGH

📋 TL;DR

This vulnerability allows memory corruption when processing JPEG data through IOCTL calls without proper validation. Attackers could potentially execute arbitrary code or cause denial of service. This affects systems using Qualcomm components that handle JPEG processing.

💻 Affected Systems

Products:

Qualcomm chipsets with JPEG processing capabilities

Versions: Specific versions not detailed in reference; check Qualcomm advisory

Operating Systems: Android, Linux-based systems using Qualcomm components

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with Qualcomm hardware that processes JPEG images through vulnerable drivers

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise and persistent access

🟠

Likely Case

Local privilege escalation or denial of service affecting system stability

🟢

If Mitigated

Limited impact with proper memory protections and exploit mitigations in place

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires sending specially crafted JPEG data to vulnerable IOCTL interface

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Qualcomm December 2025 security bulletin for specific versions

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2025-bulletin.html

Restart Required: Yes

Instructions:

1. Check Qualcomm advisory for affected chipset versions. 2. Obtain firmware/driver updates from device manufacturer. 3. Apply updates following manufacturer instructions. 4. Reboot system.

🔧 Temporary Workarounds

Restrict JPEG processing

all

Limit applications that can send JPEG data to vulnerable drivers

Disable vulnerable drivers

linux

Temporarily disable affected JPEG processing drivers if not essential

🧯 If You Can't Patch

Implement strict input validation for JPEG data processing
Isolate systems with vulnerable components from untrusted networks

🔍 How to Verify

Check if Vulnerable:

Check device chipset and firmware version against Qualcomm advisory

Check Version:

Device-specific commands vary; consult manufacturer documentation

Verify Fix Applied:

Verify firmware/driver version matches patched versions in Qualcomm bulletin

📡 Detection & Monitoring

Log Indicators:

Unusual IOCTL calls to JPEG processing drivers
Driver crashes or memory errors

Network Indicators:

Unexpected JPEG data transfers to system components

SIEM Query:

Process: (driver_name) AND Event: (Memory Access Violation OR IOCTL)

📊 Metadata

CVE ID: CVE-2025-47387

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-822

EPSS Score: 0.02% exploit probability (2.5th percentile)

Published: December 18, 2025

Last Updated: January 28, 2026

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2025-bulletin.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Aqt1000 Firmware by Qualcomm

Fastconnect 6200 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6800 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6420 Firmware by Qualcomm

Qca6430 Firmware by Qualcomm

Qcm5430 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcs5430 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Sc8180x\+sdx55 Firmware by Qualcomm

Sc8380xp Firmware by Qualcomm

Sm6250 Firmware by Qualcomm

Snapdragon 7c Compute Platform \(sc7180 Ac\) Firmware by Qualcomm

Snapdragon 7c Gen 2 Compute Platform \(sc7180 Ad\) Firmware by Qualcomm

Snapdragon 7c\+ Gen 3 Compute Firmware by Qualcomm

Snapdragon 8c Compute Platform \(sc8180x Ad\) Firmware by Qualcomm

Snapdragon 8c Compute Platform \(sc8180xp Ad\) Firmware by Qualcomm

Snapdragon 8cx Compute Platform \(sc8180x Aa\) Firmware by Qualcomm

Snapdragon 8cx Compute Platform \(sc8180x Ab\) Firmware by Qualcomm

Snapdragon 8cx Compute Platform \(sc8180xp Ac\) Firmware by Qualcomm

Snapdragon 8cx Compute Platform \(sc8180xp Af\) Firmware by Qualcomm

Snapdragon 8cx Gen 2 5g Compute Platform \(sc8180x Ac\) Firmware by Qualcomm

Snapdragon 8cx Gen 2 5g Compute Platform \(sc8180x Af\) Firmware by Qualcomm

Snapdragon 8cx Gen 2 5g Compute Platform \(sc8180xp Aa\) Firmware by Qualcomm

Snapdragon 8cx Gen 2 5g Compute Platform \(sc8180xp Ab\) Firmware by Qualcomm

Snapdragon 8cx Gen 3 Compute Platform \(sc8280xp Ab\) Firmware by Qualcomm

Snapdragon 8cx Gen 3 Compute Platform \(sc8280xp Bb\) Firmware by Qualcomm

Video Collaboration Vc3 Platform Firmware by Qualcomm

Wcd9340 Firmware by Qualcomm

Wcd9341 Firmware by Qualcomm

Wcd9370 Firmware by Qualcomm

Wcd9375 Firmware by Qualcomm

Wcd9380 Firmware by Qualcomm

Wcd9385 Firmware by Qualcomm

Wsa8810 Firmware by Qualcomm

Wsa8815 Firmware by Qualcomm

Wsa8830 Firmware by Qualcomm

Wsa8835 Firmware by Qualcomm

Wsa8840 Firmware by Qualcomm

Wsa8845 Firmware by Qualcomm

Wsa8845h Firmware by Qualcomm