Qualcomm Snapdragon Auto up to WSA8845H HLOS information expsure

Summaryinfo

A vulnerability, which was classified as problematic, has been found in Qualcomm Snapdragon Auto, Snapdragon CCW, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Technology and Snapdragon WBC. The impacted element is an unknown function of the component HLOS. This manipulation causes information expsure. This vulnerability is registered as CVE-2025-47319. The attack needs to be launched locally. No exploit is available. It is advisable to upgrade the affected component.

Detailsinfo

A vulnerability has been found in Qualcomm Snapdragon Auto, Snapdragon CCW, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Technology and Snapdragon WBC and classified as problematic. Affected by this vulnerability is an unknown functionality of the component HLOS. The manipulation with an unknown input leads to a information expsure vulnerability. The CWE definition for the vulnerability is CWE-497. The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:

Information disclosure while exposing internal TA-to-TA communication APIs to HLOS

It is possible to read the advisory at docs.qualcomm.com. This vulnerability is known as CVE-2025-47319 since 05/06/2025. The exploitation appears to be easy. Attacking locally is a requirement. The exploitation requires an enhanced level of successful authentication. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1592 according to MITRE ATT&CK.

Upgrading eliminates this vulnerability.

The vulnerability is also documented in the databases at CNNVD (CNNVD-202512-3715) and CERT Bund (WID-SEC-2025-2711). Be aware that VulDB is the high quality source for vulnerability data.

Affected

• Lenovo BIOS
• Lenovo Computer
• Google Android

Productinfo

Type

• Chip Software

Vendor

• Qualcomm

Name

• Snapdragon Auto
• Snapdragon CCW
• Snapdragon Compute
• Snapdragon Consumer IOT
• Snapdragon Mobile
• Snapdragon Technology
• Snapdragon WBC

Version

• AR8035
• FastConnect 6200
• FastConnect 6700
• FastConnect 6900
• FastConnect 7800
• QAM8255P
• QAM8295P
• QAM8620P
• QAM8650P
• QAM8775P
• QAMSRV1H
• QAMSRV1M
• QCA6174A
• QCA6574
• QCA6574A
• QCA6574AU
• QCA6584AU
• QCA6595
• QCA6595AU
• QCA6678AQ
• QCA6688AQ
• QCA6696
• QCA6698AQ
• QCA6797AQ
• QCA8081
• QCA8337
• QCC710
• QCM5430
• QCM6490
• QCN6224
• QCN6274
• QCS5430
• QCS6490
• QDU1010
• QDX1010
• QDX1011
• QEP8111
• QFW7114
• QFW7124
• QMP1000
• SA6145P
• SA6150P
• SA6155P
• SA7255P
• SA7775P
• SA8145P
• SA8150P
• SA8155P
• SA8195P
• SA8255P
• SA8295P
• SA8540P
• SA8620P
• SA8650P
• SA8770P
• SA8775P
• SA9000P
• SC8380XP
• SM4635
• SM6475
• SM6650
• SM6650P
• SM7435
• SM7635
• SM7635P
• SM7675
• SM7675P
• SM8635
• SM8635P
• SM8650Q
• SM8735
• SM8750
• SM8750P
• SRV1H
• SRV1L
• SRV1M
• SSG2115P
• SSG2125P
• SXR1230P
• SXR2230P
• SXR2250P
• WCD9340
• WCD9370
• WCD9375
• WCD9378
• WCD9380
• WCD9385
• WCD9390
• WCD9395
• WCN3950
• WCN3988
• WCN6650
• WCN6755
• WCN7750
• WCN7860
• WCN7861
• WCN7880
• WCN7881
• WSA8810
• WSA8815
• WSA8830
• WSA8832
• WSA8835
• WSA8840
• WSA8845
• WSA8845H

License

• commercial

Website

• Vendor: https://www.qualcomm.com/

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Be aware that VulDB is the high quality source for vulnerability data.

Discussion