CVE-2025-47378

Name: CVE-2025-47378
Creator: NVD / NIST
Published: 2026-03-02T17:16:25.453+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.1/10EPSS 0.07%

Last modified Jun 17, 2026

CVE-2025-47378 is a high-severity vulnerability rated 7.1/10 on the CVSS scale. Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain.. EPSS estimates a 0.07% chance of exploitation in the next 30 days.

Description

Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain.

Metrics

CVSS 3.1

7.1/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS Probability

0.07%

0.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-497

Affected Software

Vendor	Product	Versions
Qualcomm	Cologne Firmware	All versions
Qualcomm	Fastconnect 6700 Firmware	All versions
Qualcomm	Fastconnect 6800 Firmware	All versions
Qualcomm	Fastconnect 6900 Firmware	All versions
Qualcomm	Fastconnect 7800 Firmware	All versions
Qualcomm	Lemans Au Lgit Firmware	All versions
Qualcomm	Lemansau Firmware	All versions
Qualcomm	Pandeiro Firmware	All versions
Qualcomm	Qam8255p Firmware	All versions
Qualcomm	Qamsrv1h Firmware	All versions
Qualcomm	Qamsrv1m Firmware	All versions
Qualcomm	Qca6391 Firmware	All versions
Qualcomm	Qca6595 Firmware	All versions
Qualcomm	Qca6595au Firmware	All versions
Qualcomm	Qca6696 Firmware	All versions
Qualcomm	Qca6698aq Firmware	All versions
Qualcomm	Qca6797aq Firmware	All versions
Qualcomm	Qln1083bd Firmware	All versions
Qualcomm	Qln1086bd Firmware	All versions
Qualcomm	Qpa1083bd Firmware	All versions
Qualcomm	Qpa1086bd Firmware	All versions
Qualcomm	Qxm1083 Firmware	All versions
Qualcomm	Qxm1086 Firmware	All versions
Qualcomm	Qxm1093 Firmware	All versions
Qualcomm	Qxm1094 Firmware	All versions
Qualcomm	Qxm1095 Firmware	All versions
Qualcomm	Qxm1096 Firmware	All versions
Qualcomm	Sa7255p Firmware	All versions
Qualcomm	Sa7775p Firmware	All versions
Qualcomm	Sa8255p Firmware	All versions
Qualcomm	Sa8620p Firmware	All versions
Qualcomm	Sa8770p Firmware	All versions
Qualcomm	Sa9000p Firmware	All versions
Qualcomm	Sar1165p Firmware	All versions
Qualcomm	Sar1250p Firmware	All versions
Qualcomm	Sar2130p Firmware	All versions
Qualcomm	Sar2230p Firmware	All versions
Qualcomm	Sd865 5g Firmware	All versions
Qualcomm	Snapdragon 8 Elite Gen 5 Firmware	All versions
Qualcomm	Snapdragon 865 5g Mobile Platform Firmware	All versions
Qualcomm	Snapdragon 865\+ 5g Mobile Platform Firmware	All versions
Qualcomm	Snapdragon 870 5g Mobile Platform Firmware	All versions
Qualcomm	Snapdragon Ar1 Gen 1 Platform Firmware	All versions
Qualcomm	Snapdragon Ar1\+ Gen 1 Platform Firmware	All versions
Qualcomm	Snapdragon X55 5g Modem-Rf System Firmware	All versions
Qualcomm	Snapdragon Xr2 5g Platform Firmware	All versions
Qualcomm	Snapdragon Xr2\+ Gen 1 Platform Firmware	All versions
Qualcomm	Srv1h Firmware	All versions
Qualcomm	Srv1m Firmware	All versions
Qualcomm	Sxr2230p Firmware	All versions

Showing 50 of 74 affected configurations. See NVD for the full list.

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2026-bulletin.htmlVendor Advisory

Timeline

Published: Mar 2, 2026
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2025-47378?

Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain.

How severe is CVE-2025-47378?

CVE-2025-47378 has a CVSS score of 7.1/10 (HIGH severity). The EPSS model estimates a 0.07% probability of exploitation in the next 30 days.

How do I fix CVE-2025-47378?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-47378?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST