What is the CVSS score of CVE-2025-47378?

CVE-2025-47378 has a CVSS 3.1 base score of 7.1 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N. EPSS exploitation probability: 0.0%.

Which versions of Cologne Firmware are affected by CVE-2025-47378?

A cryptographic vulnerability in shared VM references enables unauthorized access to boot loaders and certificate chains, potentially allowing attackers to compromise system integrity and bypass…

How to fix or mitigate CVE-2025-47378?

Within 24 hours: Identify and inventory all systems running affected virtualization platforms; disable shared VM references if operationally feasible; implement enhanced monitoring for suspicious boot loader access attempts. Within 7 days: Conduct risk assessment to prioritize critical systems; implement network segmentation to isolate high-value VMs; establish incident response procedures for potential compromise. Within 30 days: Maintain continuous monitoring; prepare remediation runbooks; coordinate with vendor for patch timeline and test in non-production environments upon release.

Cologne Firmware CVE-2025-47378

HIGH

Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497)

2026-03-02 product-security@qualcomm.com

Information Disclosure Cologne Firmware Fastconnect 6700 Firmware Fastconnect 6800 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware Lemans Au Lgit Firmware Lemansau Firmware Pandeiro Firmware Qam8255p Firmware Qamsrv1h Firmware Qamsrv1m Firmware Qca6391 Firmware Qca6595 Firmware Qca6595au Firmware Qca6696 Firmware Qca6698aq Firmware Qca6797aq Firmware Qln1083bd Firmware Qln1086bd Firmware Qpa1083bd Firmware Qpa1086bd Firmware Qxm1083 Firmware Qxm1086 Firmware Qxm1093 Firmware Qxm1094 Firmware Qxm1095 Firmware Qxm1096 Firmware Sa7255p Firmware Sa7775p Firmware Sa8255p Firmware Sa8620p Firmware Sa8770p Firmware Sa9000p Firmware Sar1165p Firmware Sar1250p Firmware Sar2130p Firmware Sar2230p Firmware Sd865 5g Firmware Snapdragon 8 Elite Gen 5 Firmware Snapdragon 865 5g Mobile Platform Firmware Snapdragon 870 5g Mobile Platform Firmware Snapdragon Ar1 Gen 1 Platform Firmware Snapdragon X55 5g Modem Rf System Firmware Snapdragon Xr2 5g Platform Firmware Srv1h Firmware Srv1m Firmware Sxr2230p Firmware Sxr2250p Firmware Wcd9378c Firmware Wcd9380 Firmware Wcd9385 Firmware Wcd9395 Firmware Wcn3950 Firmware Wcn7860 Firmware Wcn7861 Firmware Wsa8810 Firmware Wsa8815 Firmware Wsa8830 Firmware Wsa8832 Firmware Wsa8835 Firmware Wsa8840 Firmware Wsa8845 Firmware Wsa8845h Firmware X2000077 Firmware X2000086 Firmware X2000090 Firmware X2000092 Firmware X2000094 Firmware Xg101002 Firmware Xg101032 Firmware Xg101039 Firmware

7.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

CVE Published

Mar 02, 2026 - 17:16 nvd

HIGH 7.1

DescriptionNVD

Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain.

AnalysisAI

Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain. [CVSS 7.1 HIGH]

Technical ContextAI

Affects Cologne Firmware. Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain.

RemediationAI

Monitor vendor advisories for a patch.

CVE-2025-47378 vulnerability details – vuln.today

Back