How to fix CVE-2025-47378?

Within 24 hours: Identify and inventory all systems running affected virtualization platforms; disable shared VM references if operationally feasible; implement enhanced monitoring for suspicious boot loader access attempts. Within 7 days: Conduct risk assessment to prioritize critical systems; implement network segmentation to isolate high-value VMs; establish incident response procedures for potential compromise. Within 30 days: Maintain continuous monitoring; prepare remediation runbooks; coordinate with vendor for patch timeline and test in non-production environments upon release.

Is Fastconnect 6900 Firmware affected by CVE-2025-47378?

A cryptographic vulnerability in shared VM references enables unauthorized access to boot loaders and certificate chains, potentially allowing attackers to compromise system integrity and bypass security controls.

CVE-2025-47378

HIGH

2026-03-02 [email protected]

7.1

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

CVE Published

Mar 02, 2026 - 17:16 nvd

HIGH 7.1

Tags

Information Disclosure Fastconnect 6900 Firmware Snapdragon Xr2 5g Platform Firmware Sar2230p Firmware Snapdragon Ar1 Gen 1 Platform Firmware Xg101002 Firmware Qln1086bd Firmware Qamsrv1h Firmware X2000092 Firmware Sar1250p Firmware Sa8770p Firmware Qxm1096 Firmware Qpa1083bd Firmware Qca6696 Firmware Sar2130p Firmware Qca6797aq Firmware X2000090 Firmware Wcd9378c Firmware Qxm1094 Firmware Qam8255p Firmware Cologne Firmware Wsa8815 Firmware Snapdragon X55 5g Modem Rf System Firmware Sd865 5g Firmware Snapdragon 870 5g Mobile Platform Firmware Qca6391 Firmware Srv1m Firmware Wcd9380 Firmware Sxr2230p Firmware Pandeiro Firmware X2000094 Firmware Sa7775p Firmware Qpa1086bd Firmware X2000086 Firmware Fastconnect 6800 Firmware Wcd9395 Firmware Sa8620p Firmware Snapdragon 8 Elite Gen 5 Firmware X2000077 Firmware Wsa8845h Firmware Qxm1086 Firmware Sa9000p Firmware Snapdragon 865 5g Mobile Platform Firmware Lemansau Firmware Lemans Au Lgit Firmware Xg101032 Firmware Qxm1095 Firmware Qca6595au Firmware Wsa8845 Firmware Wcn3950 Firmware Wcd9385 Firmware Wcn7860 Firmware Wsa8830 Firmware Sa7255p Firmware Qxm1093 Firmware Sar1165p Firmware Qln1083bd Firmware Xg101039 Firmware Wsa8810 Firmware Qamsrv1m Firmware Qca6698aq Firmware Srv1h Firmware Wsa8835 Firmware Qxm1083 Firmware Qca6595 Firmware Wcn7861 Firmware Wsa8832 Firmware Sa8255p Firmware Fastconnect 7800 Firmware Wsa8840 Firmware Sxr2250p Firmware Fastconnect 6700 Firmware

Description

Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain.

Analysis

Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain. [CVSS 7.1 HIGH]

Technical Context

Affects Cologne Firmware. Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain.

Affected Products

Vendor: Qualcomm. Product: Cologne Firmware. Versions: up to -.

Remediation

Monitor vendor advisories for a patch.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +36

POC: 0

CVE-2025-47378 vulnerability details – vuln.today

Back