CVE-2025-47378
Undergoing Analysis Undergoing Analysis - In Progress
Cryptographic Flaw in Shared VM Allows Unauthorized Cert Chain Access

Publication date: 2026-03-02

Last updated on: 2026-03-05

Assigner: Qualcomm, Inc.

Description
Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-02
Last Modified
2026-03-05
Generated
2026-06-16
AI Q&A
2026-03-02
EPSS Evaluated
2026-06-15
NVD
CVE-2025-47378
EUVD
EUVD-2025-208187
Affected Vendors & Products
Showing 74 associated CPEs
Vendor Product Version / Range
qualcomm cologne_firmware *
qualcomm fastconnect_6700_firmware *
qualcomm fastconnect_6800_firmware *
qualcomm fastconnect_6900_firmware *
qualcomm fastconnect_7800_firmware *
qualcomm lemans_au_lgit_firmware *
qualcomm lemansau_firmware *
qualcomm pandeiro_firmware *
qualcomm qam8255p_firmware *
qualcomm qamsrv1h_firmware *
qualcomm qamsrv1m_firmware *
qualcomm qca6391_firmware *
qualcomm qca6595_firmware *
qualcomm qca6595au_firmware *
qualcomm qca6696_firmware *
qualcomm qca6698aq_firmware *
qualcomm qca6797aq_firmware *
qualcomm qln1083bd_firmware *
qualcomm qln1086bd_firmware *
qualcomm qpa1083bd_firmware *
qualcomm qpa1086bd_firmware *
qualcomm qxm1083_firmware *
qualcomm qxm1086_firmware *
qualcomm qxm1093_firmware *
qualcomm qxm1094_firmware *
qualcomm qxm1095_firmware *
qualcomm qxm1096_firmware *
qualcomm sa7255p_firmware *
qualcomm sa7775p_firmware *
qualcomm sa8255p_firmware *
qualcomm sa8620p_firmware *
qualcomm sa8770p_firmware *
qualcomm sa9000p_firmware *
qualcomm sar1165p_firmware *
qualcomm sar1250p_firmware *
qualcomm sar2130p_firmware *
qualcomm sar2230p_firmware *
qualcomm sd865_5g_firmware *
qualcomm snapdragon_8_elite_gen_5_firmware *
qualcomm snapdragon_865_5g_mobile_platform_firmware *
qualcomm snapdragon_865+_5g_mobile_platform_firmware *
qualcomm snapdragon_870_5g_mobile_platform_firmware *
qualcomm snapdragon_ar1_gen_1_platform_firmware *
qualcomm snapdragon_ar1+_gen_1_platform_firmware *
qualcomm snapdragon_x55_5g_modem-rf_system_firmware *
qualcomm snapdragon_xr2_5g_platform_firmware *
qualcomm snapdragon_xr2+_gen_1_platform_firmware *
qualcomm srv1h_firmware *
qualcomm srv1m_firmware *
qualcomm sxr2230p_firmware *
qualcomm sxr2250p_firmware *
qualcomm wcd9378c_firmware *
qualcomm wcd9380_firmware *
qualcomm wcd9385_firmware *
qualcomm wcd9395_firmware *
qualcomm wcn3950_firmware *
qualcomm wcn7860_firmware *
qualcomm wcn7861_firmware *
qualcomm wsa8810_firmware *
qualcomm wsa8815_firmware *
qualcomm wsa8830_firmware *
qualcomm wsa8832_firmware *
qualcomm wsa8835_firmware *
qualcomm wsa8840_firmware *
qualcomm wsa8845_firmware *
qualcomm wsa8845h_firmware *
qualcomm x2000077_firmware *
qualcomm x2000086_firmware *
qualcomm x2000090_firmware *
qualcomm x2000092_firmware *
qualcomm x2000094_firmware *
qualcomm xg101002_firmware *
qualcomm xg101032_firmware *
qualcomm xg101039_firmware *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-497 The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a cryptographic issue that occurs when a shared virtual machine (VM) reference allows the High-Level Operating System (HLOS) to access the boot loader and the certificate chain.

Impact Analysis

The vulnerability can lead to high confidentiality and integrity impacts because it allows unauthorized access to the boot loader and certificate chain. This could potentially enable an attacker with limited privileges to compromise sensitive cryptographic material or manipulate the boot process.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-47378. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart