Cyber Resilience

CVE-2025-47377

High

Published: 02 March 2026

Published
02 March 2026
Modified
04 March 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0002 4.4th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-47377 is a high-severity Use After Free (CWE-416) vulnerability in Qualcomm Ar8035 Firmware. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 4.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-47377 is a memory corruption vulnerability stemming from access to a buffer after it has been freed (CWE-416) while processing IOCTL calls. It carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-03-02. The vulnerability affects components in Qualcomm products, as referenced in their security advisories.

A local attacker with low privileges can exploit this issue with low complexity and no user interaction required. By sending crafted IOCTL calls, the attacker triggers the use-after-free condition, enabling memory corruption that results in high impacts to confidentiality, integrity, and availability, such as potential arbitrary code execution within the affected process scope.

Qualcomm's March 2026 security bulletin at https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2026-bulletin.html details patches and mitigation guidance for affected products.

EU & UK References

Vulnerability details

Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local use-after-free in IOCTL processing enables arbitrary code execution from low-privileged context, directly mapping to exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-47386Same product: Qualcomm Ar8035
CVE-2025-47376Same product: Qualcomm Ar8035
CVE-2025-47375Same product: Qualcomm Ar8035
CVE-2025-47379Same product: Qualcomm Ar8035
CVE-2026-24082Same product: Qualcomm Ar8035
CVE-2025-47398Same product: Qualcomm Fastconnect 6200
CVE-2024-45553Same product: Qualcomm Ar8035
CVE-2024-53023Same product: Qualcomm Ar8035
CVE-2025-47339Same product: Qualcomm Ar8035
CVE-2025-21424Same product: Qualcomm Ar8035

Affected Assets

qualcomm
ar8035 firmware
all versions
qualcomm
fastconnect 6200 firmware
all versions
qualcomm
fastconnect 6900 firmware
all versions
qualcomm
fastconnect 7800 firmware
all versions
qualcomm
flight rb5 5g platform firmware
all versions
qualcomm
fwa gen 3 ultra firmware
all versions
qualcomm
g1 gen 1 firmware
all versions
qualcomm
lemans au lgit firmware
all versions
qualcomm
lemansau firmware
all versions
qualcomm
milos firmware
all versions
+112 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the use-after-free vulnerability in IOCTL processing by requiring timely application of Qualcomm patches from the March 2026 security bulletin.

prevent

Implements memory protection safeguards that prevent exploitation of the use-after-free condition for arbitrary code execution during IOCTL handling.

prevent

Validates IOCTL inputs to block crafted calls that trigger the buffer-after-free memory corruption.

References