9
CVE-2025-47372
- EPSS 0.02%
- Veröffentlicht 18.12.2025 05:29:10
- Zuletzt bearbeitet 23.12.2025 21:54:12
- Quelle product-security@qualcomm.com
- CVE-Watchlists
- Unerledigt
LoginMemory Corruption when a corrupted ELF image with an oversized file size is read into a buffer without authentication.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Qualcomm ≫ Qam8255p Firmware Version-
Qualcomm ≫ Qam8620p Firmware Version-
Qualcomm ≫ Qam8650p Firmware Version-
Qualcomm ≫ Qam8775p Firmware Version-
Qualcomm ≫ Qamsrv1h Firmware Version-
Qualcomm ≫ Qamsrv1m Firmware Version-
Qualcomm ≫ Qca6595 Firmware Version-
Qualcomm ≫ Qca6595au Firmware Version-
Qualcomm ≫ Qca6678aq Firmware Version-
Qualcomm ≫ Qca6696 Firmware Version-
Qualcomm ≫ Qca6698aq Firmware Version-
Qualcomm ≫ Qca6797aq Firmware Version-
Qualcomm ≫ Sa7255p Firmware Version-
Qualcomm ≫ Sa7775p Firmware Version-
Qualcomm ≫ Sa8255p Firmware Version-
Qualcomm ≫ Sa8620p Firmware Version-
Qualcomm ≫ Sa8650p Firmware Version-
Qualcomm ≫ Sa8770p Firmware Version-
Qualcomm ≫ Sa8775p Firmware Version-
Qualcomm ≫ Sa9000p Firmware Version-
Qualcomm ≫ Srv1h Firmware Version-
Qualcomm ≫ Srv1l Firmware Version-
Qualcomm ≫ Srv1m Firmware Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.04 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.4 | 2.5 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| product-security@qualcomm.com | 9 | 2.5 | 5.8 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.