CVE Alert: CVE-2025-47328 - Qualcomm, Inc. - Snapdragon

CVE-2025-47328

HIGHNo exploitation known

Transient DOS while processing power control requests with invalid antenna or stream values.

CVSS v3.1 (7.5)

AV NETWORK · AC LOW · PR NONE · UI NONE · S UNCHANGED

Vendor

Qualcomm, Inc.

Product

Snapdragon

Versions

FastConnect 7800 | Immersive Home 3210 Platform | Immersive Home 326 Platform | IPQ5300 | IPQ5302 | IPQ5312 | IPQ5332 | IPQ5424 | IPQ9008 | IPQ9048 | IPQ9554 | IPQ9570 | IPQ9574 | QCA0000 | QCA8075 | QCA8080 | QCA8081 | QCA8082 | QCA8084 | QCA8085 | QCA8101 | QCA8102 | QCA8111 | QCA8112 | QCA8384 | QCA8385 | QCA8386 | QCC710 | QCF8000 | QCF8001 | QCN5124 | QCN5224 | QCN6224 | QCN6274 | QCN6402 | QCN6412 | QCN6422 | QCN6432 | QCN9000 | QCN9012 | QCN9024 | QCN9074 | QCN9160 | QCN9274 | QFW7114 | QFW7124 | QMP1000 | QXM8083 | SM8735 | SM8750 | SM8750P | Snapdragon X72 5G Modem-RF System | Snapdragon X75 5G Modem-RF System | SW-only | WCD9340 | WCD9378 | WCD9395 | WCN7750 | WCN7860 | WCN7861 | WCN7880 | WCN7881 | WSA8830 | WSA8832 | WSA8835 | WSA8840 | WSA8845 | WSA8845H

CWE

CWE-126, CWE-126 Buffer Over-read

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Published

2025-09-24T15:33:54.999Z

Updated

2025-09-24T15:33:54.999Z

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html

AI Summary Analysis

Risk verdict

High risk of remote Denial-of-Service against devices using the Qualcomm WLAN HAL; urgency depends on exploit activity and patch availability.

Why this matters

An attacker can disrupt power-control processing by sending crafted requests with invalid antenna or stream values, potentially rendering devices temporarily unusable on affected networks. This could hit consumer, enterprise, and automotive deployments relying on Snapdragon WLAN, with direct impact on availability and user experience.

Most likely attack path

An attacker on the same wireless network can transmit crafted power-control requests to the WLAN HAL without authentication or user interaction, exploiting the network attack surface. The impact is a targeted DoS within the WLAN subsystem, with limited preconditions (no UI required) and the potential to affect multiple services sharing the WLAN stack.

Who is most exposed

Devices containing Qualcomm Snapdragon WLAN components—mobile devices, IoT, laptops, and automotive/embedded systems—across consumer and enterprise environments.

Detection ideas

Spikes in power-control messages with invalid payloads observed in WLAN logs.
Recurrent WLAN HAL processing errors or crashes in system/kernel logs.
Unexplained connectivity outages or throughput degradation aligned with unusual WLAN control activity.
Logs referencing buffer over-read or related CWE-126 indicators in the WLAN driver.
Anomalous device reboots or resets tied to WLAN subsystem events.

Mitigation and prioritisation

Apply vendor patches/firmware updates as they are released; prioritise once available.
If KEV is true or EPSS ≥ 0.5, treat as priority 1.
Implement compensating controls: restrict or monitor WLAN management/control frames, segment affected devices, and minimise exposure via network access controls.
Enable enhanced logging for WLAN HAL errors and establish rapid alerting for invalid parameter events.
Plan staged change-management with testing in lab environments before broader rollout.

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee

Patreon

To keep up to date follow us on the below channels.

Tags: CVE, cve-2025-47328, OSINT, qualcomm-inc, snapdragon, threatintel