CVE-2025-47358
Published: 02 February 2026
Summary
CVE-2025-47358 is a high-severity Use After Free (CWE-416) vulnerability in Qualcomm Fastconnect 6900 Firmware. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 0.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-16 enforces memory protections such as address space layout randomization and page permissions that prevent exploitation of use-after-free vulnerabilities like invalid kernel memory freeing from user-supplied addresses.
SI-10 requires validation of user-supplied addresses passed to kernel APIs like mem_free, blocking modified user space addresses from causing kernel memory corruption.
SC-39 provides process isolation between user and kernel spaces, limiting the impact of flawed APIs that allow user-controlled inputs to affect kernel memory.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Kernel UAF/memory corruption directly enables local privilege escalation via exploitation of the mem_free API flaw.
NVD Description
Memory Corruption when user space address is modified and passed to mem_free API, causing kernel memory to be freed inadvertently.
Deeper analysisAI
CVE-2025-47358 is a memory corruption vulnerability that arises when a modified user space address is passed to the mem_free API, leading to the inadvertent freeing of kernel memory. Published on 2026-02-02, this issue is classified as CWE-416 (Use After Free) and affects Qualcomm software components, with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact on confidentiality, integrity, and availability.
A local attacker with low privileges (PR:L) can exploit this vulnerability with low complexity and no user interaction required. By modifying a user space address and supplying it to the mem_free API, the attacker triggers kernel memory corruption, potentially achieving arbitrary kernel memory manipulation, privilege escalation, data leakage, or system compromise.
Qualcomm's February 2026 security bulletin at https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2026-bulletin.html details affected products and recommends applying available patches or mitigations to address the vulnerability.
Details
- CWE(s)