Skip to main content
Live Webinar with SANS (June 25)— Agentic CTI Automation for Fun & ProfitRegister Free
Mallory
Back to vulnerabilities
High

Memory corruption in Qualcomm boot loader firmware loading

IdentifiersCVE-2025-47382CWE-119

CVE-2025-47382 is a Qualcomm boot loader vulnerability described as memory corruption while loading an invalid firmware image. The issue occurs in the boot loader’s firmware-loading path when malformed or invalid firmware is processed, leading to memory corruption. Based on the provided bulletin context, this is a high-severity Qualcomm bootloader issue included in the Android December 2025 security updates at the 2025-12-05 patch level. No further public detail about the exact vulnerable function, memory-safety condition, or affected Qualcomm component variant is provided in the supplied content.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation could corrupt memory in the boot chain during firmware loading, which may result in bootloader compromise, abnormal device behavior, denial of service during boot, or potentially further code-execution or privilege-escalation outcomes within the boot context. The precise downstream impact is not specified in the provided content.

Mitigation

If you can’t patch tonight, do this now.

There is no specific mitigation described in the provided content short of installing the relevant OEM/vendor security update. Operationally, organizations should prioritize devices receiving the 2025-12-05 patch level or vendor-equivalent firmware, track OEM rollout status for Qualcomm component fixes, and restrict use of unsupported or unpatched devices where possible.

Remediation

Patch, then assume compromise.

Apply the December 2025 Android security updates that include the 2025-12-05 patch level, along with the corresponding Qualcomm vendor/OEM firmware updates that address CVE-2025-47382. Because this is a vendor bootloader issue, remediation depends on OEM integration and deployment of the Qualcomm-provided fix in device firmware.
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType
QualcommFastconnect 6200 Firmwareoperating_system
QualcommFastconnect 6700 Firmwareoperating_system
QualcommFastconnect 6900 Firmwareoperating_system
QualcommFastconnect 7800 Firmwareoperating_system
QualcommQam8255p Firmwareoperating_system
QualcommQam8295p Firmwareoperating_system
QualcommQam8620p Firmwareoperating_system
QualcommQam8650p Firmwareoperating_system
QualcommQam8775p Firmwareoperating_system
QualcommQamsrv1h Firmwareoperating_system
QualcommQamsrv1m Firmwareoperating_system
QualcommQca6574 Firmwareoperating_system
QualcommQca6574a Firmwareoperating_system
QualcommQca6574au Firmwareoperating_system
QualcommQca6595 Firmwareoperating_system
QualcommQca6595au Firmwareoperating_system
QualcommQca6688aq Firmwareoperating_system
QualcommQca6696 Firmwareoperating_system
QualcommQca6698aq Firmwareoperating_system
QualcommQca6797aq Firmwareoperating_system
QualcommQca8695au Firmwareoperating_system
QualcommQca9367 Firmwareoperating_system
QualcommQca9377 Firmwareoperating_system
QualcommQcm6690 Firmwareoperating_system
QualcommQcs610 Firmwareoperating_system
QualcommQcs6690 Firmwareoperating_system
QualcommQmp1000 Firmwareoperating_system
QualcommSa6155p Firmwareoperating_system
QualcommSa7255p Firmwareoperating_system
QualcommSa7775p Firmwareoperating_system
QualcommSa8155p Firmwareoperating_system
QualcommSa8195p Firmwareoperating_system
QualcommSa8255p Firmwareoperating_system
QualcommSa8295p Firmwareoperating_system
QualcommSa8620p Firmwareoperating_system
QualcommSa8650p Firmwareoperating_system
QualcommSa8770p Firmwareoperating_system
QualcommSa8775p Firmwareoperating_system
QualcommSa9000p Firmwareoperating_system
QualcommSg6150 Firmwareoperating_system
QualcommSg6150p Firmwareoperating_system
QualcommSm4635 Firmwareoperating_system
QualcommSm6650 Firmwareoperating_system
QualcommSm6650p Firmwareoperating_system
QualcommSm7635 Firmwareoperating_system
QualcommSm7635p Firmwareoperating_system
QualcommSm7675 Firmwareoperating_system
QualcommSm7675p Firmwareoperating_system
QualcommSm8635 Firmwareoperating_system
QualcommSm8635p Firmwareoperating_system
QualcommSm8650q Firmwareoperating_system
QualcommSm8735 Firmwareoperating_system
QualcommSm8750 Firmwareoperating_system
QualcommSm8750p Firmwareoperating_system
QualcommSm8850 Firmwareoperating_system
QualcommSm8850p Firmwareoperating_system
QualcommSnapdragon 4 Gen 1 Mobile Platform Firmwareoperating_system
QualcommSnapdragon 480 5g Mobile Platform Firmwareoperating_system
QualcommSnapdragon 480+ 5g Mobile Platform (Sm4350-Ac) Firmwareoperating_system
QualcommSnapdragon 695 5g Mobile Platform Firmwareoperating_system
QualcommSnapdragon 8 Gen 3 Mobile Platform Firmwareoperating_system
QualcommSnapdragon Ar1 Gen 1 Platform "Luna1" Firmwareoperating_system
QualcommSnapdragon Ar1 Gen 1 Platform Firmwareoperating_system
QualcommSnapdragon W5+ Gen 1 Wearable Platform Firmwareoperating_system
QualcommSrv1h Firmwareoperating_system
QualcommSrv1l Firmwareoperating_system
QualcommSrv1m Firmwareoperating_system
QualcommSw5100 Firmwareoperating_system
QualcommSw5100p Firmwareoperating_system
QualcommSxr2330p Firmwareoperating_system
QualcommSxr2350p Firmwareoperating_system
QualcommVideo Collaboration Vc1 Platform Firmwareoperating_system
QualcommVideo Collaboration Vc3 Platform Firmwareoperating_system
QualcommWcd9370 Firmwareoperating_system
QualcommWcd9375 Firmwareoperating_system
QualcommWcd9378 Firmwareoperating_system
QualcommWcd9380 Firmwareoperating_system
QualcommWcd9385 Firmwareoperating_system
QualcommWcd9390 Firmwareoperating_system
QualcommWcd9395 Firmwareoperating_system
QualcommWcn3950 Firmwareoperating_system
QualcommWcn3980 Firmwareoperating_system
QualcommWcn3988 Firmwareoperating_system
QualcommWcn6450 Firmwareoperating_system
QualcommWcn6650 Firmwareoperating_system
QualcommWcn6755 Firmwareoperating_system
QualcommWcn7750 Firmwareoperating_system
QualcommWcn7860 Firmwareoperating_system
QualcommWcn7861 Firmwareoperating_system
QualcommWcn7880 Firmwareoperating_system
QualcommWcn7881 Firmwareoperating_system
QualcommWsa8810 Firmwareoperating_system
QualcommWsa8815 Firmwareoperating_system
QualcommWsa8830 Firmwareoperating_system
QualcommWsa8832 Firmwareoperating_system
QualcommWsa8835 Firmwareoperating_system
QualcommWsa8840 Firmwareoperating_system
QualcommWsa8845 Firmwareoperating_system
QualcommWsa8845h Firmwareoperating_system

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

6 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

6 SOURCESView more in app
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity4

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2025-47382
NVD
nvd.nist.gov/vuln/detail/CVE-2025-47382
MITRE CWE · CWE-119
cwe.mitre.org
Patch
docs.qualcomm.com/product/publicresources/securitybulletin/december-2025-bulletin.html