Cyber Resilience

CVE-2025-47378

High

Published: 02 March 2026

Published
02 March 2026
Modified
05 March 2026
KEV Added
Patch
CVSS Score v3.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS Score 0.0001 2.6th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-47378 is a high-severity Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) vulnerability in Qualcomm Cologne Firmware. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 2.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-4 (Information in Shared System Resources).

Deeper analysis

CVE-2025-47378 is a cryptographic vulnerability stemming from a shared virtual machine (VM) reference that enables the High-Level Operating System (HLOS) to access the bootloader and certificate chain. It affects Qualcomm components, as detailed in their security advisories, and is classified under CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere). The issue received a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N), indicating high severity due to its potential for unauthorized access to sensitive cryptographic elements.

A local attacker with low privileges can exploit this vulnerability through low-complexity means without requiring user interaction. Successful exploitation allows high-impact confidentiality and integrity violations, such as reading sensitive certificate chain data or tampering with boot processes, while availability remains unaffected due to the unchanged scope.

Qualcomm's March 2026 security bulletin at https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2026-bulletin.html provides further details on affected products, patches, and mitigation recommendations for this CVE.

EU & UK References

Vulnerability details

Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
T1542.001 System Firmware Stealth
Adversaries may modify system firmware to persist on systems.
Why these techniques?

Local exposure of bootloader/cert chain data directly enables T1005 for sensitive data access and facilitates T1542.001 for boot process tampering.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-47385Same product: Qualcomm Fastconnect 6700
CVE-2025-47389Same product: Qualcomm Cologne
CVE-2026-25260Same product: Qualcomm Cologne
CVE-2025-59603Same product: Qualcomm Cologne
CVE-2026-21381Same product: Qualcomm Cologne
CVE-2026-25259Same product: Qualcomm Cologne
CVE-2025-59606Same product: Qualcomm Cologne
CVE-2025-47373Same product: Qualcomm Cologne
CVE-2025-59600Same product: Qualcomm Fastconnect 6700
CVE-2026-25276Same product: Qualcomm Fastconnect 6700

Affected Assets

qualcomm
cologne firmware
all versions
qualcomm
fastconnect 6700 firmware
all versions
qualcomm
fastconnect 6800 firmware
all versions
qualcomm
fastconnect 6900 firmware
all versions
qualcomm
fastconnect 7800 firmware
all versions
qualcomm
lemans au lgit firmware
all versions
qualcomm
lemansau firmware
all versions
qualcomm
pandeiro firmware
all versions
qualcomm
qam8255p firmware
all versions
qualcomm
qamsrv1h firmware
all versions
+64 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly prevents exposure of the certificate chain and bootloader by ensuring sensitive data is not accessible through shared VM references between HLOS and lower-level components.

prevent

Enforces access control policies that would block the HLOS from reaching the bootloader and certificate chain despite the shared reference.

prevent

Provides process isolation that limits the impact of a shared VM reference, reducing the ability of HLOS to access protected cryptographic material.

References