{"api_version":"1","generated_at":"2026-05-13T07:40:32+00:00","cve":"CVE-2025-47408","urls":{"html":"https://cve.report/CVE-2025-47408","api":"https://cve.report/api/cve/CVE-2025-47408.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-47408","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-47408"},"summary":{"title":"Untrusted Pointer Dereference in Power Optimization Firmware","description":"Memory corruption when another driver calls an IOCTL with invalid input/output buffer.","state":"PUBLISHED","assigner":"qualcomm","published_at":"2026-05-04 17:16:21","updated_at":"2026-05-06 18:03:00"},"problem_types":["CWE-822","CWE-119","CWE-822 CWE-822 Untrusted Pointer Dereference"],"metrics":[{"version":"3.1","source":"product-security@qualcomm.com","type":"Primary","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2026-bulletin.html","name":"https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2026-bulletin.html","refsource":"product-security@qualcomm.com","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-47408","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-47408","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Qualcomm, Inc.","product":"Snapdragon","version":"affected FastConnect 6200","platforms":["Snapdragon Compute","Snapdragon Industrial IOT"]},{"source":"CNA","vendor":"Qualcomm, Inc.","product":"Snapdragon","version":"affected FastConnect 6900","platforms":["Snapdragon Compute","Snapdragon Industrial IOT"]},{"source":"CNA","vendor":"Qualcomm, Inc.","product":"Snapdragon","version":"affected FastConnect 7800","platforms":["Snapdragon Compute","Snapdragon Industrial IOT"]},{"source":"CNA","vendor":"Qualcomm, Inc.","product":"Snapdragon","version":"affected IQX5121","platforms":["Snapdragon Compute","Snapdragon Industrial IOT"]},{"source":"CNA","vendor":"Qualcomm, Inc.","product":"Snapdragon","version":"affected IQX7181","platforms":["Snapdragon Compute","Snapdragon Industrial IOT"]},{"source":"CNA","vendor":"Qualcomm, Inc.","product":"Snapdragon","version":"affected QCA0000","platforms":["Snapdragon Compute","Snapdragon Industrial IOT"]},{"source":"CNA","vendor":"Qualcomm, Inc.","product":"Snapdragon","version":"affected SC8380XP","platforms":["Snapdragon Compute","Snapdragon Industrial IOT"]},{"source":"CNA","vendor":"Qualcomm, Inc.","product":"Snapdragon","version":"affected SD865 5G","platforms":["Snapdragon Compute","Snapdragon Industrial IOT"]},{"source":"CNA","vendor":"Qualcomm, Inc.","product":"Snapdragon","version":"affected SM6250","platforms":["Snapdragon Compute","Snapdragon Industrial IOT"]},{"source":"CNA","vendor":"Qualcomm, Inc.","product":"Snapdragon","version":"affected Snapdragon 7c Compute Platform","platforms":["Snapdragon Compute","Snapdragon Industrial IOT"]},{"source":"CNA","vendor":"Qualcomm, Inc.","product":"Snapdragon","version":"affected Snapdragon 7c Gen 2 Compute Platform \"Rennell Pro\"","platforms":["Snapdragon Compute","Snapdragon Industrial IOT"]},{"source":"CNA","vendor":"Qualcomm, Inc.","product":"Snapdragon","version":"affected Snapdragon XR2 5G Platform","platforms":["Snapdragon Compute","Snapdragon Industrial IOT"]},{"source":"CNA","vendor":"Qualcomm, Inc.","product":"Snapdragon","version":"affected Snapdragon XR2+ Gen 1 Platform","platforms":["Snapdragon Compute","Snapdragon Industrial IOT"]},{"source":"CNA","vendor":"Qualcomm, Inc.","product":"Snapdragon","version":"affected WCD9380","platforms":["Snapdragon Compute","Snapdragon Industrial IOT"]},{"source":"CNA","vendor":"Qualcomm, Inc.","product":"Snapdragon","version":"affected WCD9385","platforms":["Snapdragon Compute","Snapdragon Industrial IOT"]},{"source":"CNA","vendor":"Qualcomm, Inc.","product":"Snapdragon","version":"affected WSA8810","platforms":["Snapdragon Compute","Snapdragon Industrial IOT"]},{"source":"CNA","vendor":"Qualcomm, Inc.","product":"Snapdragon","version":"affected WSA8815","platforms":["Snapdragon Compute","Snapdragon Industrial IOT"]},{"source":"CNA","vendor":"Qualcomm, Inc.","product":"Snapdragon","version":"affected WSA8840","platforms":["Snapdragon Compute","Snapdragon Industrial IOT"]},{"source":"CNA","vendor":"Qualcomm, Inc.","product":"Snapdragon","version":"affected WSA8845","platforms":["Snapdragon Compute","Snapdragon Industrial IOT"]},{"source":"CNA","vendor":"Qualcomm, Inc.","product":"Snapdragon","version":"affected WSA8845H","platforms":["Snapdragon Compute","Snapdragon Industrial IOT"]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2025","cve_id":"47408","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"qualcomm","cpe5":"fastconnect_6200","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"47408","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"qualcomm","cpe5":"fastconnect_6200_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"47408","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"qualcomm","cpe5":"fastconnect_6900","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"47408","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"qualcomm","cpe5":"fastconnect_6900_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"47408","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"qualcomm","cpe5":"fastconnect_7800","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"47408","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"qualcomm","cpe5":"fastconnect_7800_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"47408","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"qualcomm","cpe5":"iqx5121","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"47408","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"qualcomm","cpe5":"iqx5121_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"47408","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"qualcomm","cpe5":"iqx7181","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"47408","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"qualcomm","cpe5":"iqx7181_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"47408","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"qualcomm","cpe5":"qca0000","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"47408","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"qualcomm","cpe5":"qca0000_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"47408","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"qualcomm","cpe5":"sc8380xp","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"47408","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"qualcomm","cpe5":"sc8380xp_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"47408","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"qualcomm","cpe5":"sd865_5g","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"47408","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"qualcomm","cpe5":"sd865_5g_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"47408","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"qualcomm","cpe5":"sm6250","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"47408","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"qualcomm","cpe5":"sm6250_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"47408","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"qualcomm","cpe5":"snapdragon_7c_compute","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"47408","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"qualcomm","cpe5":"snapdragon_7c_compute_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"47408","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"qualcomm","cpe5":"snapdragon_7c_gen_2_compute","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"47408","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"qualcomm","cpe5":"snapdragon_7c_gen_2_compute_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"47408","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"qualcomm","cpe5":"snapdragon_xr2\\+_gen_1","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"47408","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"qualcomm","cpe5":"snapdragon_xr2\\+_gen_1_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"47408","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"qualcomm","cpe5":"snapdragon_xr2_5g","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"47408","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"qualcomm","cpe5":"snapdragon_xr2_5g_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"47408","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"qualcomm","cpe5":"wcd9380","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"47408","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"qualcomm","cpe5":"wcd9380_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"47408","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"qualcomm","cpe5":"wcd9385","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"47408","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"qualcomm","cpe5":"wcd9385_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"47408","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"qualcomm","cpe5":"wsa8810","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"47408","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"qualcomm","cpe5":"wsa8810_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"47408","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"qualcomm","cpe5":"wsa8815","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"47408","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"qualcomm","cpe5":"wsa8815_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"47408","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"qualcomm","cpe5":"wsa8840","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"47408","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"qualcomm","cpe5":"wsa8840_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"47408","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"qualcomm","cpe5":"wsa8845","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"47408","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"qualcomm","cpe5":"wsa8845h","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"47408","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"qualcomm","cpe5":"wsa8845h_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"47408","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"qualcomm","cpe5":"wsa8845_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"47408","cve":"CVE-2025-47408","epss":"0.000150000","percentile":"0.032440000","score_date":"2026-05-05","updated_at":"2026-05-06 00:08:09"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2025-47408","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-05-04T00:00:00+00:00","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-05-05T03:56:27.690Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["Snapdragon Compute","Snapdragon Industrial IOT"],"product":"Snapdragon","vendor":"Qualcomm, Inc.","versions":[{"status":"affected","version":"FastConnect 6200"},{"status":"affected","version":"FastConnect 6900"},{"status":"affected","version":"FastConnect 7800"},{"status":"affected","version":"IQX5121"},{"status":"affected","version":"IQX7181"},{"status":"affected","version":"QCA0000"},{"status":"affected","version":"SC8380XP"},{"status":"affected","version":"SD865 5G"},{"status":"affected","version":"SM6250"},{"status":"affected","version":"Snapdragon 7c Compute Platform"},{"status":"affected","version":"Snapdragon 7c Gen 2 Compute Platform \"Rennell Pro\""},{"status":"affected","version":"Snapdragon XR2 5G Platform"},{"status":"affected","version":"Snapdragon XR2+ Gen 1 Platform"},{"status":"affected","version":"WCD9380"},{"status":"affected","version":"WCD9385"},{"status":"affected","version":"WSA8810"},{"status":"affected","version":"WSA8815"},{"status":"affected","version":"WSA8840"},{"status":"affected","version":"WSA8845"},{"status":"affected","version":"WSA8845H"}]}],"descriptions":[{"lang":"en","value":"Memory corruption when another driver calls an IOCTL with invalid input/output buffer."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-822","description":"CWE-822 Untrusted Pointer Dereference","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-05-04T16:43:14.541Z","orgId":"2cfc7d3e-20d3-47ac-8db7-1b7285aff15f","shortName":"qualcomm"},"references":[{"url":"https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2026-bulletin.html"}],"title":"Untrusted Pointer Dereference in Power Optimization Firmware"}},"cveMetadata":{"assignerOrgId":"2cfc7d3e-20d3-47ac-8db7-1b7285aff15f","assignerShortName":"qualcomm","cveId":"CVE-2025-47408","datePublished":"2026-05-04T16:43:14.541Z","dateReserved":"2025-05-06T08:33:16.278Z","dateUpdated":"2026-05-05T03:56:27.690Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-04 17:16:21","lastModifiedDate":"2026-05-06 18:03:00","problem_types":["CWE-822","CWE-119","CWE-822 CWE-822 Untrusted Pointer Dereference"],"metrics":{"cvssMetricV31":[{"source":"product-security@qualcomm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:fastconnect_6200_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CDE1CBDE-3D28-463C-B215-AA7DF373EF09"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:fastconnect_6200:-:*:*:*:*:*:*:*","matchCriteriaId":"66BD3B88-7CF9-482D-A2DD-67F6ACF4CC57"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E670F500-9B71-4BBE-B5DA-221D35803C89"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:fastconnect_6900:-:*:*:*:*:*:*:*","matchCriteriaId":"9ADEB5C5-B79A-4F45-B7D3-75945B38DB6C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B3053D68-C5D8-4D47-A4F0-9F3AF2289E1D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*","matchCriteriaId":"638DBC7F-456F-487D-BED2-2214DFF8BEE2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:iqx5121_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"499A2520-436C-4B12-849D-98B94088CCDE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:iqx5121:-:*:*:*:*:*:*:*","matchCriteriaId":"4C34A825-C928-4F8F-B076-19F8787A3440"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:iqx7181_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F58C10B5-2BB1-4A8F-AF4B-2EC791C9FBBE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:iqx7181:-:*:*:*:*:*:*:*","matchCriteriaId":"9EE22328-BBF8-473C-8F89-58AEF8CC9D75"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca0000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CC941093-1A7C-47B2-AB3B-05AE4AE2FBE4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca0000:-:*:*:*:*:*:*:*","matchCriteriaId":"7A2AA834-C17C-4E0E-A510-795818041E47"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sc8380xp_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"14E3FE58-7F1C-4F5C-B62D-0CF124E14AB2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sc8380xp:-:*:*:*:*:*:*:*","matchCriteriaId":"FFCB0BBA-3F81-4FCA-B3DE-190C46DA50DB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"72433485-B229-46A6-BCA4-394AA4EEA683"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sd865_5g:-:*:*:*:*:*:*:*","matchCriteriaId":"04D40EC4-BF31-4BFD-8D0A-8193F541AF02"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sm6250_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"FACA2BF1-85D3-447F-A08D-B90330A22550"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sm6250:-:*:*:*:*:*:*:*","matchCriteriaId":"C2ABA18D-82C1-4366-B1D7-DED42DD3D5C5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_7c_compute_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"9B80BE46-13C8-4AA5-8C39-865603713F8B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_7c_compute:-:*:*:*:*:*:*:*","matchCriteriaId":"5489E441-7C58-4B0F-B878-9060ABE05D9E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_7c_gen_2_compute_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2931C0E3-D4E7-4A75-B80E-0E248E2E5001"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_7c_gen_2_compute:-:*:*:*:*:*:*:*","matchCriteriaId":"7C7F2111-F4F3-4C22-B9F8-65EAF8FF7452"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_xr2_5g_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"665811D8-F648-4F32-A375-FAF9C9E928B3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_xr2_5g:-:*:*:*:*:*:*:*","matchCriteriaId":"2A537932-6EAD-411B-83FF-48CF050F603A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_xr2\\+_gen_1_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"FD779739-5919-43A9-B949-D1FB4A46FA11"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_xr2\\+_gen_1:-:*:*:*:*:*:*:*","matchCriteriaId":"BDA3083D-C664-45C7-98CD-E90223F887A8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"70292B01-617F-44AD-AF77-1AFC1450523D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*","matchCriteriaId":"FA94C6D6-85DB-4031-AAF4-C399019AE16D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"92B17201-8185-47F1-9720-5AB4ECD11B22"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*","matchCriteriaId":"E1FA2EB9-416F-4D69-8786-386CC73978AE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"15307882-7039-43E9-9BA3-035045988B99"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8810:-:*:*:*:*:*:*:*","matchCriteriaId":"AA85B322-E593-4499-829A-CC6D70BAE884"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E839A0B9-64C3-4C7A-82B7-D2AAF65928F8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8815:-:*:*:*:*:*:*:*","matchCriteriaId":"7E870D82-DE3B-4199-A730-C8FB545BAA98"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CA33DE15-C177-43B3-AD50-FF797753D12E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8840:-:*:*:*:*:*:*:*","matchCriteriaId":"AE1A5841-5BCB-4033-ACB9-23F3FCA65309"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5B47BF35-3AA0-4667-842E-19B0FE30BF3C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8845:-:*:*:*:*:*:*:*","matchCriteriaId":"8A071672-9405-4418-9141-35CEADBB65AF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"BB7CF473-8B25-4851-91F2-1BD693CCDC85"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8845h:-:*:*:*:*:*:*:*","matchCriteriaId":"91E591F2-8F72-4A5A-9264-2742EB2DABDA"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"47408","Ordinal":"1","Title":"Untrusted Pointer Dereference in Power Optimization Firmware","CVE":"CVE-2025-47408","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"47408","Ordinal":"1","NoteData":"Memory corruption when another driver calls an IOCTL with invalid input/output buffer.","Type":"Description","Title":"Untrusted Pointer Dereference in Power Optimization Firmware"}]}}}