CVE-2025-47370 is a vulnerability identified as CWE-617 (Reachable Assertion) affecting numerous Qualcomm Snapdragon platforms and associated wireless connectivity modules. The issue arises during Bluetooth Low Energy (LE) connectable scanning when a remote device sends an invalid connection request. This malformed request triggers an assertion failure within the Bluetooth stack, causing a transient denial of service (DoS) condition. The assertion failure disrupts normal Bluetooth operations, temporarily affecting device availability but does not lead to data compromise or persistent device malfunction. The vulnerability has a CVSS 3.1 base score of 6.5, reflecting medium severity, with an attack vector of adjacent network (Bluetooth), low attack complexity, no privileges required, no user interaction, and impact limited to availability. The affected products span a broad range of Qualcomm Snapdragon chipsets and wireless platforms, including mobile platforms (e.g., Snapdragon 8 Gen 2, 7c+ Gen 3 Compute), automotive modems, and sound platforms. The vulnerability was publicly disclosed on November 4, 2025, with no known exploits in the wild and no patches currently linked. The flaw could be exploited by an attacker within Bluetooth range sending crafted invalid connection requests to cause temporary service disruption on affected devices.

For European organizations, the primary impact of CVE-2025-47370 is transient denial of service on devices using affected Qualcomm Snapdragon chipsets. This can disrupt Bluetooth connectivity, affecting mobile devices, automotive systems, and IoT devices that rely on Bluetooth LE for communication. In sectors such as automotive manufacturing, logistics, and mobile communications, this could lead to temporary loss of critical wireless functions, impacting operational continuity and user experience. While the vulnerability does not compromise confidentiality or integrity, availability interruptions could affect business processes, especially in environments with high reliance on Bluetooth-enabled devices. The broad range of affected chipsets means many consumer and enterprise devices across Europe could be vulnerable. The lack of user interaction or privileges required makes exploitation feasible by nearby attackers, increasing risk in public or unsecured environments. However, the transient nature of the DoS limits long-term damage.

1. Monitor Qualcomm and device vendor advisories closely for patches or firmware updates addressing CVE-2025-47370 and apply them promptly once available. 2. Implement Bluetooth access controls by disabling Bluetooth LE scanning or connectivity on devices where it is not required, especially in sensitive or critical environments. 3. Use Bluetooth device whitelisting or MAC address filtering to restrict connections to trusted devices only. 4. In enterprise and automotive environments, consider deploying Bluetooth intrusion detection/prevention systems to detect and block malformed connection attempts. 5. Educate users and administrators about the risks of connecting to unknown Bluetooth devices and encourage disabling Bluetooth when not in use. 6. For critical infrastructure, evaluate the feasibility of physical or RF shielding to limit Bluetooth attack surface. 7. Maintain network segmentation to isolate vulnerable devices and limit potential impact of Bluetooth-based disruptions.