Cyber Resilience

CVE-2025-47400

Severity: High

Published: 06 April 2026
Modified: 08 April 2026
KEV Added: not listed
Patch: see the Qualcomm April 2026 security bulletin
CVSS v3.1 score: 7.1 (High), vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS score: 0.0001 (0.2th percentile)
Risk priority: 14 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-47400 is a high-severity Buffer Over-read (CWE-126) vulnerability in Qualcomm Pandeiro firmware. Its CVSS base score is 7.1 (High).

Operationally, it ranks at the 0.2th percentile by exploit likelihood (well below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2025-47400, published on 2026-04-06, is described by the vendor as a cryptographic issue in which data is copied to a destination buffer without its size being validated, classified under CWE-126 (Buffer Over-read). It affects components in Qualcomm products, as detailed in the vendor's security bulletin, and carries a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N), indicating high severity because of its impact on confidentiality and integrity.

A local attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction. Successful exploitation allows high-impact unauthorized disclosure of sensitive data and modification of data, without affecting availability and without requiring privileges beyond basic local access.

Qualcomm's April 2026 security bulletin (https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-bulletin.html) documents the issue, including affected products and guidance on available patches or mitigations.

Vulnerability details

Cryptographic issue while copying data to a destination buffer without validating its size.

Related Threats

MITRE ATT&CK Enterprise Techniques

Insufficient information to map techniques.
Confidence: LOW · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-47390 (same product: Qualcomm Wsa8840)
CVE-2026-21381 (same product: Qualcomm Pandeiro)
CVE-2026-21375 (same product: Qualcomm Wsa8840)
CVE-2025-59600 (same product: Qualcomm Pandeiro)
CVE-2026-21367 (same product: Qualcomm Pandeiro)
CVE-2026-21378 (same product: Qualcomm Wsa8840)
CVE-2026-21371 (same product: Qualcomm Wsa8840)
CVE-2026-21374 (same product: Qualcomm Wsa8840)
CVE-2026-21376 (same product: Qualcomm Wsa8840)
CVE-2026-21373 (same product: Qualcomm Wsa8840)

Affected Assets

Vendor: Qualcomm (all listed products affected in all versions)

Pandeiro firmware
Snapdragon 8 Elite Gen 5 firmware
SW6100 firmware
SW6100P firmware
Themisto firmware
WCD9395 firmware
WCN7860 firmware
WCN7861 firmware
WSA8840 firmware
WSA8845 firmware
plus 1 more product configuration; see NVD for the full list

Mitigating Controls (NIST 800-53 r5)

Prevent: SI-2 (Flaw Remediation). Directly addresses the buffer over-read vulnerability by requiring timely identification, reporting, and remediation of flaws, including applying the patches referenced in Qualcomm's security bulletin.

Prevent: memory protection. Provides protections such as non-executable memory regions and stack guards that reduce the impact of buffer over-reads leading to unauthorized disclosure and modification of data.

Detect: RA-5 (Vulnerability Monitoring and Scanning). Enables vulnerability scanning to identify and prioritize high-severity issues such as CVE-2025-47400 in Qualcomm components for prompt remediation.
