Qualcomm Technologies, Inc. has issued an urgent security bulletin warning customers about multiple critical vulnerabilities affecting tens of millions of devices worldwide.
The most severe flaw threatens the secure boot process, a fundamental security mechanism that protects devices from malicious software during startup.
The security update, published today, addresses six high-priority vulnerabilities discovered in Qualcomm’s proprietary software.
Among these, CVE-2025-47372 stands out as the most critical threat, receiving the company’s highest security rating for its potential impact on the boot process.
Critical Boot Vulnerability Discovered
CVE-2025-47372 has been labeled with a “Critical” security rating and a “Critical” CVSS (Common Vulnerability Scoring System) rating, indicating its severe nature.
This vulnerability affects the boot technology area, which controls how devices start up and load their operating systems.
When compromised, attackers could potentially bypass security checks, install persistent malware, or gain unauthorized control over affected devices before the operating system even loads.
The flaw was discovered internally by Qualcomm’s security team, demonstrating the company’s proactive approach to identifying threats.
However, the discovery raises concerns about how long the vulnerability may have existed in deployed devices before detection.
Additional Security Threats Identified
Alongside the critical boot flaw, Qualcomm disclosed five other high-priority vulnerabilities:
CVE-2025-47319 affects the HLOS (High-Level Operating System) with a critical security rating, though its CVSS rating is medium. This internal discovery could impact device operating system functionality.
CVE-2025-47325 targets TZ Firmware and was reported by external security researchers Niek Timmers and Cristofaro Mune from Raelize on September 3, 2025. This high-rated vulnerability demonstrates the value of collaboration between manufacturers and independent researchers.
Additional high-severity flaws were found in audio systems (CVE-2025-47323), DSP services (CVE-2025-47350), and camera functionality (CVE-2025-47387), all discovered internally.
Qualcomm is actively sharing security patches with original equipment manufacturers (OEMs) and strongly recommends immediate deployment on all released devices.
The company emphasized that device manufacturers should prioritize these updates due to their high-impact nature.
Users concerned about their device security should contact their device manufacturers directly to inquire about patch availability and update schedules.
The company has established a dedicated email address for questions related to this security bulletin.
This incident underscores the ongoing challenges facing the technology industry in maintaining device security across complex hardware and software ecosystems.
