CVE-2025-47372
BaseFortify
Publication date: 2025-12-18
Last updated on: 2025-12-23
Assigner: Qualcomm, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| qualcomm | qam8255p_firmware | * |
| qualcomm | qam8255p | * |
| qualcomm | qam8620p_firmware | * |
| qualcomm | qam8620p | * |
| qualcomm | qam8650p_firmware | * |
| qualcomm | qam8650p | * |
| qualcomm | qam8775p_firmware | * |
| qualcomm | qam8775p | * |
| qualcomm | qamsrv1h_firmware | * |
| qualcomm | qamsrv1h | * |
| qualcomm | qamsrv1m_firmware | * |
| qualcomm | qamsrv1m | * |
| qualcomm | qca6595_firmware | * |
| qualcomm | qca6595 | * |
| qualcomm | qca6595au_firmware | * |
| qualcomm | qca6595au | * |
| qualcomm | qca6678aq_firmware | * |
| qualcomm | qca6678aq | * |
| qualcomm | qca6696_firmware | * |
| qualcomm | qca6696 | * |
| qualcomm | qca6698aq_firmware | * |
| qualcomm | qca6698aq | * |
| qualcomm | qca6797aq_firmware | * |
| qualcomm | qca6797aq | * |
| qualcomm | sa7255p_firmware | * |
| qualcomm | sa7255p | * |
| qualcomm | sa7775p_firmware | * |
| qualcomm | sa7775p | * |
| qualcomm | sa8255p_firmware | * |
| qualcomm | sa8255p | * |
| qualcomm | sa8620p_firmware | * |
| qualcomm | sa8620p | * |
| qualcomm | sa8650p_firmware | * |
| qualcomm | sa8650p | * |
| qualcomm | sa8770p_firmware | * |
| qualcomm | sa8770p | * |
| qualcomm | sa8775p_firmware | * |
| qualcomm | sa8775p | * |
| qualcomm | sa9000p_firmware | * |
| qualcomm | sa9000p | * |
| qualcomm | srv1h_firmware | * |
| qualcomm | srv1h | * |
| qualcomm | srv1l_firmware | * |
| qualcomm | srv1l | * |
| qualcomm | srv1m_firmware | * |
| qualcomm | srv1m | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves memory corruption that occurs when a corrupted ELF (Executable and Linkable Format) image with an oversized file size is read into a buffer without proper authentication. This can lead to unexpected behavior or exploitation due to improper handling of the corrupted file.
How can this vulnerability impact me? :
The vulnerability can lead to high impact on confidentiality and integrity, as indicated by the CVSS score. An attacker could exploit this memory corruption to compromise system security, potentially gaining unauthorized access or causing data corruption.