High

Qualcomm memory corruption while processing user buffers

IdentifiersCVE-2025-47351CWE-119

CVE-2025-47351 is a Qualcomm vulnerability listed in the December 2025 Android Security Bulletin at high severity. The available description states only that it is a memory-corruption issue triggered while processing user buffers. Based on the provided content, the flaw appears to affect a Qualcomm component included in the 2025-12-05 Android security patch level, but the specific product, subsystem, root cause, and vulnerable function are not identified in the supplied material.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation of this memory-corruption vulnerability could plausibly result in process compromise, denial of service, or potentially code execution within the affected Qualcomm component, depending on the exact corruption primitive and execution context. However, the provided content does not specify the precise security impact for CVE-2025-47351 beyond its classification as a high-severity Qualcomm issue.

Mitigation

If you can’t patch tonight, do this now.

If patching is not immediately possible, reduce exposure by limiting use of untrusted local inputs and interfaces that can supply crafted user buffers to the affected Qualcomm component, restricting installation of untrusted applications, and accelerating OEM firmware rollout validation. The provided content does not include a vendor-specific workaround or configuration-based mitigation for this CVE.

Remediation

Patch, then assume compromise.

Apply the December 2025 Android security updates that include the 2025-12-05 patch level, along with the corresponding OEM/vendor firmware updates that incorporate Qualcomm’s fix for CVE-2025-47351. Because Qualcomm issues may depend on device-manufacturer integration schedules, ensure the device has received the vendor-specific patch set in addition to the Android bulletin level.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

QualcommFastconnect 6200 Firmwareoperating_system

QualcommFastconnect 6700 Firmwareoperating_system

QualcommFastconnect 6900 Firmwareoperating_system

QualcommFastconnect 7800 Firmwareoperating_system

QualcommSg6150 Firmwareoperating_system

QualcommSg6150p Firmwareoperating_system

QualcommSm8750 Firmwareoperating_system

QualcommSm8750p Firmwareoperating_system

QualcommSm8850 Firmwareoperating_system

QualcommSm8850p Firmwareoperating_system

QualcommWcd9370 Firmwareoperating_system

QualcommWcd9375 Firmwareoperating_system

QualcommWcd9385 Firmwareoperating_system

QualcommWcd9395 Firmwareoperating_system

QualcommWcn3950 Firmwareoperating_system

QualcommWcn3988 Firmwareoperating_system

QualcommWcn7860 Firmwareoperating_system

QualcommWcn7861 Firmwareoperating_system

QualcommWcn7880 Firmwareoperating_system

QualcommWcn7881 Firmwareoperating_system

QualcommWsa8810 Firmwareoperating_system

QualcommWsa8815 Firmwareoperating_system

QualcommWsa8830 Firmwareoperating_system

QualcommWsa8832 Firmwareoperating_system

QualcommWsa8835 Firmwareoperating_system

QualcommWsa8840 Firmwareoperating_system

QualcommWsa8845 Firmwareoperating_system

QualcommWsa8845h Firmwareoperating_system

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

5 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

5 SOURCESView more in app

socradar blogNews

Dec 2, 2025

December 2025 Android Security Bulletin: Two Zero-Day Flaws Exploited

High-severity Qualcomm-related kernel/bootloader vulnerability referenced as fixed in the December 2025 Android bulletin (details deferred to Qualcomm advisories).

cyberthroneNews

Dec 2, 2025

Android Patch Update December 2025

High-severity Qualcomm component vulnerability referenced as addressed in Qualcomm’s December 2025 bulletin (vendor/OEM patch dependent).

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity3

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2025-47351

NVD

nvd.nist.gov/vuln/detail/CVE-2025-47351

MITRE CWE · CWE-119

cwe.mitre.org

Vendor Advisory

docs.qualcomm.com/product/publicresources/securitybulletin/october-2025-bulletin.html