What is CVE-2025-47370?

A medium-severity vulnerability in Qualcomm firmware could lead to a transient denial-of-service (DoS) when invalid connection requests are received from remote devices. Immediate attention is advised for affected products.

What is the severity of CVE-2025-47370?

CVE-2025-47370 has a severity rating of MEDIUM with a CVSS base score of 6.5.

CVE-2025-47370 | Medium Vulnerability in Qualcomm Firmware

CVE-2025-47370 is classified as a medium-severity vulnerability, with a CVSS score of 6.5. This vulnerability allows a transient denial-of-service (DoS) condition to occur when a remote device sends an invalid connection request during Bluetooth connectable LE scanning.

The impact of this vulnerability can disrupt services, potentially affecting various Qualcomm firmware products. Organizations using these devices should be aware of the potential for service interruptions caused by this flaw.

Currently, there are no known exploits for this vulnerability in the wild. Despite this, organizations should prioritize patching as it poses a risk to availability.

Organizations should prioritize remediation efforts, as mitigating this vulnerability is critical to maintaining service availability.

Vulnerability Details

The vulnerability described by CVE-2025-47370 affects various Qualcomm firmware components, such as the AR8035, CSRB31024, FastConnect series, and Snapdragon platforms. It was published on November 4, 2025, and is categorized under CWE-617, which deals with improper restriction of operations within the bounds of a memory buffer.

Technical Analysis

The root cause of this vulnerability lies in the handling of Bluetooth connection requests. The error occurs when the firmware does not properly validate the connection requests from remote devices. As a result, an attacker on the adjacent network can send a malformed connection request, leading to a transient DoS condition.

The attack vector is classified as adjacent network, requiring no user interaction and no privileges. The complexity of the attack is low, making it easier for potential attackers to exploit this vulnerability.

The impacts of this vulnerability are significant in terms of availability, with high potential for service disruption while confidentiality and integrity are not impacted.

Risk & Impact Analysis

The risk to organizations includes potential service outages that can arise from this vulnerability. Given that the attack complexity is low, organizations should be vigilant regarding their exposure to this flaw.

Assessing the blast radius, many Qualcomm firmware products are affected, extending the potential impact across various devices and networks. Organizations are urged to address this vulnerability in their patch cycles.

Given the medium CVSS score, organizations should prioritize remediation efforts and implement necessary patches to mitigate risks associated with this vulnerability.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

All versions of Qualcomm firmware products listed in the CVE entry are affected. Organizations should ensure they are running the latest firmware versions to mitigate the risks associated with this vulnerability.

Mitigation & Remediation

Qualcomm has provided patches for the affected firmware. Organizations should review their firmware versions and apply updates as soon as possible. For more information on the necessary updates, refer to the vendor advisory. Additionally, organizations should implement network controls and monitoring to detect any anomalies related to this vulnerability.

Detection Guidance

Organizations should monitor logs for indicators of abnormal behavior during Bluetooth connection attempts. Anomalies in connection requests, especially from unknown devices, should be investigated. Implementing network signatures to identify potential exploitation attempts is also advisable.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2025-47370 lies in highlighting the importance of robust validation mechanisms in firmware. This vulnerability underscores the need for security teams to prioritize the assessment of Bluetooth protocols in their risk management strategies.

Security teams should leverage insights from this vulnerability to enhance their security posture. Regular firmware assessments, alongside comprehensive penetration testing, can help identify similar weaknesses in their systems.

Organizations interested in proactive security measures can consider engaging in red teaming services to simulate advanced persistent threats.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-47370: Medium Vulnerability in Qualcomm Firmware