CVE-2025-47405
published 2026-05-04CVE-2025-47405: Memory corruption when processing camera sensor input/output control codes with invalid output buffers.
PriorityP343high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.07%
0.1th percentile
Memory corruption when processing camera sensor input/output control codes with invalid output buffers.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-3f7x-m7w7-vqr9: Memory corruption when processing camera sensor input/output control codes with invalid output buffers
ghsa_unreviewed·2026-05-04
CVE-2025-47405 [HIGH] CWE-119 GHSA-3f7x-m7w7-vqr9: Memory corruption when processing camera sensor input/output control codes with invalid output buffers
Memory corruption when processing camera sensor input/output control codes with invalid output buffers.
VulDB
Qualcomm Snapdragon Compute/Snapdragon Industrial IOT FastConnect 6900 up to WSA8845 untrusted pointer dereference
vuldb·2026-05-04·CVSS 7.8
CVE-2025-47405 [HIGH] Qualcomm Snapdragon Compute/Snapdragon Industrial IOT FastConnect 6900 up to WSA8845 untrusted pointer dereference
A vulnerability, which was classified as critical, was found in Qualcomm Snapdragon Compute and Snapdragon Industrial IOT. This impacts an unknown function. The manipulation results in untrusted pointer dereference.
This vulnerability is reported as CVE-2025-47405. The attack requires a local approach. No exploit exists.
You should upgrade the affected component.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-04
Published