CVE-2025-47364 is a medium severity integer overflow vulnerability identified in multiple Qualcomm Snapdragon chipsets, including models from the QAM, QCA, SA, and SRV series. The flaw arises during the calculation of offsets from partition start points, where an integer overflow or wraparound can occur, leading to memory corruption. This memory corruption can potentially be exploited to compromise the confidentiality, integrity, and availability of affected devices. The vulnerability has a CVSS 3.1 base score of 6.8, with the vector indicating that exploitation requires physical access (AV:P), low attack complexity (AC:L), no privileges (PR:N), and no user interaction (UI:N). The scope is unchanged (S:U), but the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). No known exploits have been reported in the wild as of the publication date (February 2026). The affected Snapdragon chipsets are widely used in mobile devices, IoT, and telecommunications equipment. The root cause is an integer overflow (CWE-190) during offset calculation, which can cause buffer overflows or memory corruption, potentially allowing attackers with physical access to execute arbitrary code or cause denial of service. Qualcomm has not yet published patches, so mitigation currently relies on physical security and monitoring.

For European organizations, the impact of CVE-2025-47364 can be significant, especially those relying on devices or infrastructure powered by affected Qualcomm Snapdragon chipsets. Telecommunications providers, mobile network operators, and enterprises using Snapdragon-based IoT or edge devices could face risks of data breaches, unauthorized code execution, or service disruptions. The vulnerability’s ability to compromise confidentiality, integrity, and availability means sensitive data could be exposed or altered, and critical services could be interrupted. Since exploitation requires physical access, the threat is more pronounced in environments where devices are accessible to untrusted personnel or in public-facing locations. The broad range of affected chipsets increases the attack surface across multiple device categories. Without available patches, organizations must rely on physical security controls and vigilant monitoring to mitigate risk. The absence of known exploits reduces immediate risk but does not eliminate the potential for future attacks.

1. Apply security patches from Qualcomm promptly once they become available for the affected Snapdragon chipsets. 2. Enforce strict physical security controls to prevent unauthorized access to devices containing vulnerable chipsets, including secure storage and access logging. 3. Implement device hardening measures such as disabling unnecessary debug interfaces and enforcing secure boot mechanisms to limit exploitation opportunities. 4. Monitor device behavior for anomalies indicative of memory corruption or exploitation attempts, including unexpected reboots or crashes. 5. For telecom operators, segment and isolate critical network infrastructure to contain potential compromises. 6. Maintain an inventory of devices with affected chipsets to prioritize patching and security reviews. 7. Educate staff on the risks of physical tampering and establish procedures for reporting suspicious activity. 8. Collaborate with vendors and suppliers to ensure timely updates and vulnerability disclosures.