CVE-2025-47400
Received Received - Intake

Buffer Overflow in Qualcomm Crypto Module Risks Data Corruption

Vulnerability report for CVE-2025-47400, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-06

Last updated on: 2026-04-08

Assigner: Qualcomm, Inc.

Description

Cryptographic issue while copying data to a destination buffer without validating its size.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-06
Last Modified
2026-04-08
Generated
2026-07-06
AI Q&A
2026-04-06
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 11 associated CPEs
Vendor Product Version / Range
qualcomm pandeiro_firmware *
qualcomm snapdragon_8_elite_gen_5_firmware *
qualcomm sw6100_firmware *
qualcomm sw6100p_firmware *
qualcomm themisto_firmware *
qualcomm wcd9395_firmware *
qualcomm wcn7860_firmware *
qualcomm wcn7861_firmware *
qualcomm wsa8840_firmware *
qualcomm wsa8845_firmware *
qualcomm wsa8845h_firmware *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-126 The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a cryptographic issue that occurs when data is copied to a destination buffer without validating the size of that buffer. This means that the process does not check if the buffer is large enough to hold the data being copied, which can lead to problems such as buffer overflows.

Impact Analysis

The vulnerability can have a significant impact because it allows unauthorized access or modification of sensitive data. According to the CVSS score, it has a high impact on confidentiality and integrity, meaning attackers could potentially read or alter sensitive information. However, it requires local access with low privileges and no user interaction.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-47400. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart