CVE-2025-47363
Published: 02 February 2026
Summary
CVE-2025-47363 is a medium-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Qualcomm Qam8255P Firmware. Its CVSS base score is 6.8 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It ranks at the 0.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
Threat & Defense Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Memory corruption from integer overflow enables arbitrary code execution with physical access, directly facilitating local privilege escalation on affected Qualcomm components.
NVD Description
Memory corruption when calculating oversized partition sizes without proper checks.
Deeper analysis
CVE-2025-47363 is a memory corruption vulnerability stemming from CWE-190 (Integer Overflow or Wraparound), triggered by calculating oversized partition sizes without adequate bounds checking. It affects Qualcomm components, as detailed in the vendor's security bulletin. The vulnerability was published on 2026-02-02 with a CVSS v3.1 base score of 6.8 (AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating medium severity with high impacts on confidentiality, integrity, and availability.
Exploitation requires physical access to the target device (AV:P) and involves low attack complexity with no privileges or user interaction needed (PR:N/UI:N). A successful attacker can leverage the memory corruption to achieve high-level compromise, potentially gaining unauthorized control over affected components through arbitrary code execution or data manipulation.
Qualcomm's February 2026 security bulletin at https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2026-bulletin.html provides guidance on mitigation, including available patches and remediation steps for impacted products.
Details
- CWE(s)