CVE-2025-47394

7.8 HIGH

📋 TL;DR

This CVE describes a memory corruption vulnerability in Qualcomm components where incorrect offset calculations during overlapping buffer copy operations can lead to arbitrary code execution. It affects devices using vulnerable Qualcomm chipsets, potentially including smartphones, IoT devices, and embedded systems.

💻 Affected Systems

Products:
  • Qualcomm chipsets and associated firmware
Versions: Specific versions not detailed in provided reference; consult Qualcomm January 2026 bulletin
Operating Systems: Android, Linux-based embedded systems using affected Qualcomm components
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems with vulnerable Qualcomm hardware/firmware; exact product list requires vendor advisory review

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, or persistent backdoor installation.

🟠 Likely Case

Application crashes, denial of service, or limited information disclosure in constrained environments.

🟢 If Mitigated

Controlled crashes without code execution if memory protections like ASLR and DEP are properly implemented.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Memory corruption vulnerabilities often require specific conditions to achieve reliable exploitation

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm January 2026 security bulletin for specific patched versions

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html

Restart Required: Yes

Instructions:

1. Check Qualcomm advisory for affected chipset/firmware versions.
2. Obtain firmware updates from device manufacturer.
3. Apply updates following manufacturer instructions.
4. Reboot device to activate patches.

🔧 Temporary Workarounds

Memory protection enforcement

all

Ensure Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) are enabled to reduce exploit reliability

🧯 If You Can't Patch

  • Isolate affected devices on segmented networks with strict access controls
  • Implement application whitelisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check device firmware/chipset version against Qualcomm's January 2026 security bulletin

Check Version:

Device-specific commands vary by manufacturer; typically 'cat /proc/version' or device settings > about

Verify Fix Applied:

Verify firmware version matches patched versions listed in Qualcomm advisory

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process crashes, memory access violation errors in system logs

Network Indicators:

  • Unusual outbound connections from embedded devices

SIEM Query:

Process termination events with memory violation error codes from embedded systems
