CVE-2025-47347 is a stack-based buffer overflow vulnerability classified under CWE-121, discovered in the virtual memory management interface of Qualcomm Snapdragon chipsets. The vulnerability occurs due to improper handling of control commands that leads to memory corruption on the stack. This flaw allows an attacker with local privileges to overwrite critical memory regions, potentially enabling arbitrary code execution, privilege escalation, and system compromise. The affected Snapdragon models span multiple generations and product lines, including QAM8255P through SRV1M variants, indicating a broad impact across many devices. The CVSS v3.1 score of 7.8 reflects high severity, with attack vector local, low attack complexity, low privileges required, no user interaction, and high impact on confidentiality, integrity, and availability. Although no public exploits have been observed yet, the vulnerability’s nature and affected components suggest a strong potential for exploitation in targeted attacks. The vulnerability was reserved in May 2025 and published in October 2025, with Qualcomm likely working on patches. The absence of patch links indicates that fixes may still be pending or in distribution. This vulnerability is critical for mobile devices and embedded systems relying on Snapdragon chipsets, as exploitation could lead to full device compromise and unauthorized access to sensitive data.

The impact of CVE-2025-47347 is significant for organizations and individuals using devices powered by affected Qualcomm Snapdragon chipsets. Successful exploitation can lead to full compromise of the device, including unauthorized access to confidential data, disruption of device operations, and installation of persistent malware. For enterprises, this could mean exposure of corporate data on employee mobile devices, potential lateral movement within networks, and disruption of business-critical mobile applications. The vulnerability’s local attack vector means that attackers must first gain limited access, such as through a malicious app or compromised user account, but once achieved, they can escalate privileges and control the device. This elevates the risk in environments where devices are shared, or where endpoint security is weak. The broad range of affected Snapdragon models means a large global population of smartphones, IoT devices, and embedded systems are at risk, amplifying the potential scale of impact. Additionally, the high impact on confidentiality, integrity, and availability underscores the threat to data security and device reliability.

To mitigate CVE-2025-47347, organizations and users should: 1) Monitor Qualcomm and device manufacturers for official patches and apply them promptly once available. 2) Enforce strict application whitelisting and privilege restrictions on devices to limit the ability of untrusted applications to execute or escalate privileges. 3) Employ mobile device management (MDM) solutions to control software installation and enforce security policies. 4) Conduct regular security audits and vulnerability assessments on mobile endpoints to detect signs of exploitation or compromise. 5) Educate users about the risks of installing untrusted applications or granting excessive permissions. 6) For enterprises, segment mobile device access from critical internal networks to reduce lateral movement risk. 7) Utilize runtime protection technologies that can detect and block exploitation attempts targeting memory corruption vulnerabilities. 8) Implement strong authentication and endpoint encryption to protect data even if device compromise occurs. These measures, combined with timely patching, will reduce the attack surface and limit the potential for successful exploitation.