CVE Field Guide
About Us
CVE-2025-47378
PUBLISHED
Exposure of Sensitive System Information to an Unauthorized Control Sphere in HLOS
Assigner:
qualcomm
Reserved:
06.05.2025
Published:
02.03.2026
Updated:
03.03.2026
Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain.
Metrics
CVSS 3.1
CVSS Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CVSS Score:
7.1
CVSS score
7.1
Attack Vector
Local
Scope
Unchanged
Attack Complexity
Low
Confidentiality Impact
High
Privileges Required
Low
Integrity Impact
High
User Interaction
None
Availability Impact
None
CVSS 3.1
Product Status
Vendor
Qualcomm, Inc.
Product
Snapdragon
Versions
Default:
unaffected
Version Cologne is affected
Version FastConnect 6700 is affected
Version FastConnect 6800 is affected
Version FastConnect 6900 is affected
Version FastConnect 7800 is affected
Version LeMans_AU_LGIT is affected
Version LeMansAU is affected
Version Pandeiro is affected
Version QAM8255P is affected
Version QAMSRV1H is affected
Version QAMSRV1M is affected
Version QCA6391 is affected
Version QCA6595 is affected
Version QCA6595AU is affected
Version QCA6696 is affected
Version QCA6698AQ is affected
Version QCA6797AQ is affected
Version QLN1083BD is affected
Version QLN1086BD is affected
Version QPA1083BD is affected
Version QPA1086BD is affected
Version QXM1083 is affected
Version QXM1086 is affected
Version QXM1093 is affected
Version QXM1094 is affected
Version QXM1095 is affected
Version QXM1096 is affected
Version SA7255P is affected
Version SA7775P is affected
Version SA8255P is affected
Version SA8620P is affected
Version SA8770P is affected
Version SA9000P is affected
Version SAR1165P is affected
Version SAR1250P is affected
Version SAR2130P is affected
Version SAR2230P is affected
Version SD865 5G is affected
Version Snapdragon 8 Elite Gen 5 is affected
Version Snapdragon 865 5G Mobile Platform is affected
Version Snapdragon 865+ 5G Mobile Platform is affected
Version Snapdragon 870 5G Mobile Platform is affected
Version Snapdragon AR1 Gen 1 Platform is affected
Version Snapdragon AR1+ Gen 1 Platform is affected
Version Snapdragon X55 5G Modem-RF System is affected
Version Snapdragon XR2 5G Platform is affected
Version Snapdragon XR2+ Gen 1 Platform is affected
Version SRV1H is affected
Version SRV1M is affected
Version SXR2230P is affected
Version SXR2250P is affected
Version WCD9378C is affected
Version WCD9380 is affected
Version WCD9385 is affected
Version WCD9395 is affected
Version WCN3950 is affected
Version WCN7860 is affected
Version WCN7861 is affected
Version WSA8810 is affected
Version WSA8815 is affected
Version WSA8830 is affected
Version WSA8832 is affected
Version WSA8835 is affected
Version WSA8840 is affected
Version WSA8845 is affected
Version WSA8845H is affected
Version X2000077 is affected
Version X2000086 is affected
Version X2000090 is affected
Version X2000092 is affected
Version X2000094 is affected
Version XG101002 is affected
Version XG101032 is affected
Version XG101039 is affected
References
https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2026-bulletin.html
Problem Types
CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere
CWE