CVE-2025-47400
Published: 06 April 2026
Summary
CVE-2025-47400 is a high-severity Buffer Over-read (CWE-126) vulnerability in Qualcomm Pandeiro Firmware. Its CVSS base score is 7.1 (High).
Operationally, it is ranked at the 0.2nd percentile for exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).
Deeper analysis
CVE-2025-47400, published on 2026-04-06, is described by the vendor as a cryptographic issue that arises while copying data to a destination buffer without validating its size, classified under CWE-126 (Buffer Over-read). It affects components in Qualcomm products, as detailed in the vendor's security bulletin, and carries a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N), indicating high severity because of its impact on confidentiality and integrity.
A local attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction. Successful exploitation enables high-impact unauthorized disclosure of sensitive data and modification of information integrity, without affecting availability and without requiring privileges beyond basic local access.
Qualcomm's April 2026 security bulletin (https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-bulletin.html) documents the issue, including affected products and guidance on available patches or mitigations.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-209231
Vulnerability details
Cryptographic issue while copying data to a destination buffer without validating its size.
- CWE(s): CWE-126 (Buffer Over-read)
Related Threats
MITRE ATT&CK Enterprise Techniques
Insufficient information to map techniques.
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Directly addresses the buffer over-read vulnerability by requiring timely identification, reporting, and remediation of flaws, including applying patches from Qualcomm's security bulletin.
- Memory protection: Provides memory protections such as non-executable memory regions and stack guards that mitigate exploitation of buffer over-reads leading to unauthorized disclosure and integrity modification.
- RA-5 (Vulnerability Monitoring and Scanning): Enables vulnerability scanning to identify and prioritize high-severity issues like CVE-2025-47400 in Qualcomm components for prompt remediation.