Cyber Resilience

CVE-2025-47386

High

Published: 02 March 2026

Published
02 March 2026
Modified
05 March 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0002 4.4th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-47386 is a high-severity Use After Free (CWE-416) vulnerability in Qualcomm Ar8031 Firmware. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 4.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-4 (Information in Shared System Resources) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-47386 is a memory corruption vulnerability classified under CWE-416 (Use After Free), triggered by concurrent access to a shared buffer during IOCTL call invocation. It affects components in Qualcomm products, as documented in the vendor's security bulletin.

The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating exploitation requires local access with low privileges, low attack complexity, and no user interaction. A successful attacker can achieve high impacts on confidentiality, integrity, and availability, potentially resulting in full system compromise through memory corruption.

Mitigation details are provided in the Qualcomm March 2026 security bulletin, available at https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2026-bulletin.html. Security practitioners should consult this advisory for patch information and recommended actions.

EU & UK References

Vulnerability details

Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local use-after-free memory corruption via IOCTL enables kernel/driver exploitation for privilege escalation to full system compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-47376Same product: Qualcomm Ar8031
CVE-2025-47375Same product: Qualcomm Ar8031
CVE-2025-47379Same product: Qualcomm Ar8031
CVE-2025-47377Same product: Qualcomm Ar8035
CVE-2026-24082Same product: Qualcomm Ar8031
CVE-2025-47398Same product: Qualcomm Ar8031
CVE-2025-21424Same product: Qualcomm Ar8031
CVE-2024-45553Same product: Qualcomm Ar8035
CVE-2024-53023Same product: Qualcomm Ar8035
CVE-2025-47339Same product: Qualcomm Ar8035

Affected Assets

qualcomm
ar8031 firmware
all versions
qualcomm
ar8035 firmware
all versions
qualcomm
csra6620 firmware
all versions
qualcomm
csra6640 firmware
all versions
qualcomm
fastconnect 6200 firmware
all versions
qualcomm
fastconnect 6700 firmware
all versions
qualcomm
fastconnect 6800 firmware
all versions
qualcomm
fastconnect 6900 firmware
all versions
qualcomm
fastconnect 7800 firmware
all versions
qualcomm
flight rb5 5g platform firmware
all versions
+160 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Memory protection controls directly mitigate use-after-free vulnerabilities by preventing unauthorized memory access and corruption during concurrent IOCTL operations.

prevent

Prevents unauthorized and unintended information transfer via shared system resources, directly addressing concurrent access to the shared buffer that triggers the vulnerability.

prevent

Process isolation limits interference between processes or kernel components, reducing the risk of race conditions leading to memory corruption in IOCTL handling.

References