CVE-2025-47372
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-18

Last updated on: 2025-12-23

Assigner: Qualcomm, Inc.

Description
Memory Corruption when a corrupted ELF image with an oversized file size is read into a buffer without authentication.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-18
Last Modified
2025-12-23
Generated
2026-06-16
AI Q&A
2025-12-18
EPSS Evaluated
2026-06-15
NVD
CVE-2025-47372
EUVD
EUVD-2025-204025
Affected Vendors & Products
Showing 46 associated CPEs
Vendor Product Version / Range
qualcomm qam8255p_firmware *
qualcomm qam8255p *
qualcomm qam8620p_firmware *
qualcomm qam8620p *
qualcomm qam8650p_firmware *
qualcomm qam8650p *
qualcomm qam8775p_firmware *
qualcomm qam8775p *
qualcomm qamsrv1h_firmware *
qualcomm qamsrv1h *
qualcomm qamsrv1m_firmware *
qualcomm qamsrv1m *
qualcomm qca6595_firmware *
qualcomm qca6595 *
qualcomm qca6595au_firmware *
qualcomm qca6595au *
qualcomm qca6678aq_firmware *
qualcomm qca6678aq *
qualcomm qca6696_firmware *
qualcomm qca6696 *
qualcomm qca6698aq_firmware *
qualcomm qca6698aq *
qualcomm qca6797aq_firmware *
qualcomm qca6797aq *
qualcomm sa7255p_firmware *
qualcomm sa7255p *
qualcomm sa7775p_firmware *
qualcomm sa7775p *
qualcomm sa8255p_firmware *
qualcomm sa8255p *
qualcomm sa8620p_firmware *
qualcomm sa8620p *
qualcomm sa8650p_firmware *
qualcomm sa8650p *
qualcomm sa8770p_firmware *
qualcomm sa8770p *
qualcomm sa8775p_firmware *
qualcomm sa8775p *
qualcomm sa9000p_firmware *
qualcomm sa9000p *
qualcomm srv1h_firmware *
qualcomm srv1h *
qualcomm srv1l_firmware *
qualcomm srv1l *
qualcomm srv1m_firmware *
qualcomm srv1m *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves memory corruption that occurs when a corrupted ELF (Executable and Linkable Format) image with an oversized file size is read into a buffer without proper authentication. This can lead to unexpected behavior or exploitation due to improper handling of the corrupted file.

Impact Analysis

The vulnerability can lead to high impact on confidentiality and integrity, as indicated by the CVSS score. An attacker could exploit this memory corruption to compromise system security, potentially gaining unauthorized access or causing data corruption.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-47372. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart