Cyber Posture

CVE-2025-47385

High

Published: 02 March 2026

Published
02 March 2026
Modified
05 March 2026
KEV Added
Patch
CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0001 2.0th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-47385 is a high-severity Improper Access Control for Register Interface (CWE-1262) vulnerability in Qualcomm Sa8295P Firmware. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 2.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-6 Least Privilege good match
prevent

Employs the principle of least privilege to ensure low-privileged local attackers cannot access the trusted execution environment without proper checks.

AC-3 Access Enforcement good match
prevent

Enforces approved authorizations and privilege checks for logical access to sensitive resources like the trusted execution environment, preventing unauthorized access.

SI-16 Memory Protection good match
prevent

Implements memory protections to prevent unauthorized disclosure, modification, or execution resulting from memory corruption during improper TEE access.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

Local memory corruption in TEE due to missing privilege checks directly enables privilege escalation via exploitation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Memory Corruption when accessing trusted execution environment without proper privilege check.

Deeper analysisAI

CVE-2025-47385 is a memory corruption vulnerability that arises when accessing the trusted execution environment without proper privilege checks. It affects components in Qualcomm products, as detailed in the vendor's March 2026 security bulletin. The issue carries a CVSS v3.1 base score of 7.8, with vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, and is classified under CWE-1262. The vulnerability was published on 2026-03-02.

A local attacker with low privileges can exploit CVE-2025-47385 with low attack complexity and no user interaction. Exploitation enables high-impact consequences, including unauthorized access to confidential data, modification of system integrity, and disruption of availability through memory corruption in the trusted execution environment.

Qualcomm's security bulletin at https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2026-bulletin.html provides details on affected products, patches, and mitigation recommendations for addressing this vulnerability.

Details

CWE(s)
CWE-1262

Affected Products

qualcomm
sa8295p firmware
all versions
qualcomm
sa8620p firmware
all versions
qualcomm
sa8770p firmware
all versions
qualcomm
sa9000p firmware
all versions
qualcomm
sar1165p firmware
all versions
qualcomm
sar1250p firmware
all versions
qualcomm
sar2230p firmware
all versions
qualcomm
sm7435 firmware
all versions
qualcomm
sm8750p firmware
all versions
qualcomm
snapdragon 4 gen 1 mobile platform firmware
all versions
+84 more product configuration(s) — see NVD for full list

CVEs Like This One

CVE-2025-59600Same product: Qualcomm Fastconnect 6200
CVE-2025-47389Same product: Qualcomm Fastconnect 6200
CVE-2025-47373Same product: Qualcomm Fastconnect 6200
CVE-2025-47391Same product: Qualcomm Fastconnect 6200
CVE-2025-47377Same product: Qualcomm Fastconnect 6200
CVE-2026-21385Same product: Qualcomm Fastconnect 6200
CVE-2025-47346Same product: Qualcomm Fastconnect 6200
CVE-2025-47397Same product: Qualcomm Fastconnect 6200
CVE-2025-47398Same product: Qualcomm Fastconnect 6200
CVE-2026-24082Same product: Qualcomm Fastconnect 6200

References