CVE-2025-47330 is a buffer over-read vulnerability categorized under CWE-126 found in Qualcomm Snapdragon chipsets. The flaw occurs during the parsing of video packets received from the video firmware, leading to a transient denial of service (DoS) condition. This vulnerability affects an extensive list of Qualcomm products, including numerous Snapdragon mobile platforms (from Snapdragon 215 up to Snapdragon 8 Gen 3), FastConnect wireless subsystems, automotive platforms, wearable platforms, and various modem-RF systems. The vulnerability is exploitable with low complexity (AC:L), requires low privileges (PR:L), and no user interaction (UI:N), but the attack vector is local (AV:L), meaning an attacker must have local access to the device or system. The impact is limited to availability (A:H) with no confidentiality or integrity compromise. The transient DoS could disrupt video processing or related services temporarily, potentially affecting device stability or functionality. No patches are currently linked, and no known exploits are reported in the wild. The vulnerability was published in January 2026, with the CVSS score of 5.5 (medium severity). The broad range of affected products indicates a systemic issue in the video packet parsing code across Qualcomm’s Snapdragon ecosystem.

For European organizations, the impact primarily involves potential service disruptions due to transient denial of service conditions on devices using affected Qualcomm Snapdragon platforms. This includes smartphones, tablets, automotive infotainment and telematics systems, IoT devices, wearables, and embedded systems relying on these chipsets. Disruptions in mobile devices could affect employee communications and productivity, while automotive platform impacts could affect vehicle safety and telematics services. IoT and embedded system disruptions could impact industrial control, smart city infrastructure, and healthcare devices. Although the vulnerability does not compromise data confidentiality or integrity, availability interruptions could lead to operational downtime and reduced trust in affected systems. Organizations with large deployments of Snapdragon-based devices or critical infrastructure relying on Qualcomm platforms may face increased risk. The local attack vector limits remote exploitation but insider threats or compromised local access could leverage this vulnerability.

Organizations should monitor Qualcomm’s security advisories for patches addressing CVE-2025-47330 and apply updates promptly once available. Until patches are released, restrict local access to devices and systems running affected Snapdragon platforms, especially limiting access to video firmware interfaces and related services. Implement strict device management policies to prevent unauthorized local access or privilege escalation on mobile and embedded devices. Employ endpoint detection and response (EDR) solutions to monitor for anomalous behavior related to video processing components. For automotive and IoT deployments, ensure secure firmware update mechanisms and isolate critical systems from untrusted local users. Conduct regular security audits of devices using Qualcomm chipsets to identify potential exploitation attempts. Collaborate with device vendors to confirm patch availability and deployment timelines. Additionally, educate users and administrators about the risks of local privilege misuse and enforce strong physical security controls.