CVE-2025-47383
Published: 02 March 2026
Summary
CVE-2025-47383 is a high-severity Missing Cryptographic Step (CWE-325) vulnerability in Qualcomm 5G Fixed Wireless Access Platform Firmware. Its CVSS base score is 7.2 (High).
Operationally, ranked at the 5.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense Details
MITRE ATT&CK Enterprise TechniquesAI
Insufficient information to map techniques.NVD Description
Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE.
Deeper analysisAI
CVE-2025-47383 is a vulnerability in which weak configuration may lead to a cryptographic issue when a VoWiFi call is triggered from user equipment (UE). It is associated with CWE-325 (Missing Required Cryptographic Step) and affects Qualcomm components, as documented in their security bulletin. The vulnerability received a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to network accessibility, low attack complexity, high confidentiality/integrity/availability impact, and unchanged scope.
An attacker with high privileges (PR:H) can exploit this vulnerability over the network (AV:N) with low complexity (AC:L) and without requiring user interaction (UI:N). Successful exploitation could result in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H), stemming from the cryptographic failure triggered by VoWiFi call initiation from the UE.
Qualcomm's March 2026 security bulletin provides details on the issue, including advisories and patches for mitigation, available at https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2026-bulletin.html. The CVE was published on 2026-03-02T17:16:26.383.
Details
- CWE(s)