CVE-2025-47363
Published: 02 February 2026
Summary
CVE-2025-47363 is a medium-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Qualcomm Qam8255P Firmware. Its CVSS base score is 6.8 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 0.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2025-47363 is a memory corruption vulnerability stemming from CWE-190 (Integer Overflow or Wraparound), triggered by calculating oversized partition sizes without adequate bounds checking. It affects Qualcomm components, as detailed in the vendor's security bulletin. The vulnerability was published on 2026-02-02 with a CVSS v3.1 base score of 6.8 (AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating medium severity with high impacts on confidentiality, integrity, and availability.
Exploitation requires physical access to the target device (AV:P) and involves low attack complexity with no privileges or user interaction needed (PR:N/UI:N). A successful attacker can leverage the memory corruption to achieve high-level compromise, potentially gaining unauthorized control over affected components through arbitrary code execution or data manipulation.
Qualcomm's February 2026 security bulletin at https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2026-bulletin.html provides guidance on mitigation, including available patches and remediation steps for impacted products.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-206606
Vulnerability details
Memory corruption when calculating oversized partition sizes without proper checks.
- CWE(s): CWE-190 (Integer Overflow or Wraparound)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Memory corruption from integer overflow enables arbitrary code execution with physical access, directly facilitating local privilege escalation on affected Qualcomm components.
Mitigating Controls (NIST 800-53 r5)
Directly requires validation of partition-size inputs to reject oversized or overflowed values before memory allocation occurs.
Enforces memory-protection mechanisms that can block or contain corruption resulting from the integer-overflow condition.
Mandates timely application of Qualcomm patches that insert the missing bounds checks for partition-size calculations.
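The input validation described under SI-10, shown as an added C example of the general CWE-190 pattern; it is not Qualcomm's code, and the advisory does not publish the affected routine. The descriptor layout, block size, device capacity and size limit are all assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical partition descriptor (field names are assumptions). */
struct part_entry {
    uint32_t first_block;
    uint32_t block_count;
};

#define BLOCK_SIZE     4096u                  /* assumed block size in bytes */
#define DEVICE_BLOCKS  0x00100000u            /* assumed device capacity in blocks */
#define MAX_PART_BYTES (64u * 1024u * 1024u)  /* assumed limit on the size we accept */

/* Unchecked form: the 32-bit multiply wraps, so an oversized block_count
 * can yield a small byte size that later code trusts. */
static uint32_t part_bytes_unchecked(const struct part_entry *p)
{
    return p->block_count * BLOCK_SIZE;
}

/* Checked form: rejects oversized or wrapping values before any size is used.
 * Returns false and leaves *out untouched when the entry is invalid. */
static bool part_bytes_checked(const struct part_entry *p, uint32_t *out)
{
    if (p->block_count == 0)
        return false;
    /* Range check by subtraction, so first_block + block_count never wraps. */
    if (p->first_block >= DEVICE_BLOCKS ||
        p->block_count > DEVICE_BLOCKS - p->first_block)
        return false;
    /* Division-based check, so the multiplication below cannot overflow. */
    if (p->block_count > MAX_PART_BYTES / BLOCK_SIZE)
        return false;
    *out = p->block_count * BLOCK_SIZE;
    return true;
}

int main(void)
{
    /* Constructed sample entry: block_count just past the assumed capacity. */
    struct part_entry oversized = { 0u, 0x00100001u };
    uint32_t bytes = 0;
    printf("unchecked size: %u bytes\n", part_bytes_unchecked(&oversized));
    printf("checked accepts: %d\n", part_bytes_checked(&oversized, &bytes));
    return 0;
}
```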