Cyber Resilience

CVE-2025-47399

High

Published: 02 February 2026

Published
02 February 2026
Modified
11 February 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0001 0.7th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-47399 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Qualcomm Cologne Firmware. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 0.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-47399 is a memory corruption vulnerability, classified under CWE-120, that occurs while processing an IOCTL call to update sensor property settings with invalid input parameters. It affects Qualcomm software components, particularly those handling sensor-related operations.

The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). A local attacker with low privileges can exploit it through low-complexity means without requiring user interaction, potentially achieving high impacts on confidentiality, integrity, and availability, such as arbitrary code execution or system compromise.

Qualcomm's February 2026 security bulletin at https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2026-bulletin.html provides details on affected products and mitigation measures, including available patches.

EU & UK References

Vulnerability details

Memory Corruption while processing IOCTL call to update sensor property settings with invalid input parameters.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local memory corruption in IOCTL handler directly enables kernel-level exploitation for privilege escalation and arbitrary code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-21382Same product: Qualcomm Cologne
CVE-2025-47380Same product: Qualcomm Fastconnect 7800
CVE-2025-47356Same product: Qualcomm Cologne
CVE-2024-45547Same product: Qualcomm Fastconnect 7800
CVE-2024-21464Same product: Qualcomm Fastconnect 7800
CVE-2026-21380Same product: Qualcomm Cologne
CVE-2025-47358Same product: Qualcomm Fastconnect 7800
CVE-2025-47389Same product: Qualcomm Cologne
CVE-2025-47394Same product: Qualcomm Fastconnect 7800
CVE-2025-47388Same product: Qualcomm Fastconnect 7800

Affected Assets

qualcomm
cologne firmware
all versions
qualcomm
fastconnect 7800 firmware
all versions
qualcomm
wcd9378c firmware
all versions
qualcomm
wsa8840 firmware
all versions
qualcomm
wsa8845 firmware
all versions
qualcomm
wsa8845h firmware
all versions
qualcomm
x2000077 firmware
all versions
qualcomm
x2000086 firmware
all versions
qualcomm
x2000090 firmware
all versions
qualcomm
x2000092 firmware
all versions
+4 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces validation of invalid input parameters to IOCTL calls for sensor property updates, preventing memory corruption.

prevent

Implements runtime memory protections such as address space layout randomization and data execution prevention to mitigate exploitation of memory corruption vulnerabilities.

prevent

Requires timely application of vendor patches for the specific Qualcomm sensor IOCTL flaw, eliminating the vulnerability.

References