#VU123405 Exposure of Sensitive System Information to an Unauthorized Control Sphere in Qualcomm products - CVE-2025-47378

Vulnerability identifier: #VU123405

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-47378

CWE-ID: CWE-497

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Cologne
FastConnect 6700
FastConnect 6800
FastConnect 6900
FastConnect 7800
LeMans_AU_LGIT
LeMansAU
Pandeiro
QAM8255P
QAMSRV1H
QAMSRV1M
QCA6391
QCA6595
QCA6595AU
QCA6696
QCA6698AQ
QCA6797AQ
QLN1083BD
QLN1086BD
QPA1083BD
QPA1086BD
QXM1083
QXM1086
QXM1093
QXM1094
QXM1095
QXM1096
SA7255P
SA7775P
SA8255P
SA8770P
SAR1165P
SAR1250P
SAR2130P
SAR2230P
SD865 5G
Snapdragon 8 Elite Gen 5
Snapdragon 865 5G Mobile Platform
Snapdragon 865+ 5G Mobile Platform
Snapdragon 870 5G Mobile Platform
Snapdragon AR1 Gen 1 Platform
Snapdragon AR1+ Gen 1 Platform
Snapdragon X55 5G Modem-RF System
Snapdragon XR2 5G Platform
Snapdragon XR2+ Gen 1 Platform
SRV1H
SRV1M
SXR2230P
SXR2250P
WCD9378C
WCD9380
WCD9385
WCD9395
WCN3950
WCN7860
WCN7861
WSA8810
WSA8815
WSA8830
WSA8835
WSA8840
WSA8845
WSA8845H
X2000077
X2000086
X2000090
X2000092
X2000094
XG101002
XG101032
XG101039
SA8620P
SA9000P
WSA8832

Software vendor:
Qualcomm

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to improper input validation in HLOS. A local application can read and manipulate data.

Install security update from vendor's website.

• https://docs.qualcomm.com/securitybulletin/march-2026-bulletin.html