Mallory

Critical Secure Boot Vulnerability in Qualcomm Chipsets

Tags: embedded-device-vulnerability, widely-deployed-product-advisory, persistence-method
Updated March 21, 2026 at 03:15 PM (4 sources)

Qualcomm has issued a security alert regarding multiple newly discovered vulnerabilities in its chipset ecosystem, with particular emphasis on a critical flaw affecting the secure boot process. The most severe vulnerability, identified as CVE-2025-47372 and rated as critical with a CVSS score of 9.0, involves a buffer overflow during the boot sequence that could allow attackers to bypass verification routines, install persistent malicious firmware, or gain control of a device before the operating system loads. This flaw, classified under CWE-120 (Classic Buffer Overflow), impacts a wide range of Snapdragon and QAM devices, and Qualcomm has urged device manufacturers to integrate the necessary fixes into both current and future products.

The vulnerability was discovered with the assistance of external researchers and has been highlighted in Qualcomm's December 2025 security bulletin. Security authorities, including the Canadian Centre for Cyber Security, have echoed Qualcomm's advisory, strongly recommending that users and administrators review the bulletin and apply all relevant updates to mitigate the risk. The flaw's presence at such a fundamental stage of device operation underscores the urgency for prompt remediation across affected hardware.
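As an added illustration of the CWE-120 pattern the advisory names, and not Qualcomm's code or any detail of how CVE-2025-47372 actually manifests (the header layout, the `BOOT_MAGIC` value, the 64-byte certificate buffer, the status codes and the sample images are all constructed for this example), here is a boot-stage header parser in its unchecked and its bounds-checked form:

```c
/* Added illustration of CWE-120 (classic buffer overflow) in a boot-stage
 * image parser. Not Qualcomm's code: the header layout, BOOT_MAGIC, the
 * 64-byte certificate buffer and the sample images are constructed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CERT_BUF_SIZE 64u         /* hypothetical fixed-size buffer in boot RAM */
#define BOOT_MAGIC    0x544F4F42u /* constructed magic value ("BOOT") */

/* Hypothetical image header: the certificate bytes follow it immediately. */
struct boot_hdr {
    uint32_t magic;
    uint32_t cert_len;            /* attacker-controlled if the image is tampered */
};

enum parse_result {
    PARSE_OK = 0, PARSE_BAD_MAGIC = 1, PARSE_TOO_SHORT = 2, PARSE_LEN_OVERSIZED = 3
};

/* Vulnerable pattern: trusts cert_len from the image and copies that many
 * bytes into a fixed buffer. A header declaring cert_len > CERT_BUF_SIZE
 * overwrites whatever lies after the buffer, which is how a copy like this
 * can corrupt the state a verification routine depends on. Kept only for
 * contrast; main() feeds it a well-formed image. */
static enum parse_result copy_cert_unchecked(const uint8_t *img, size_t img_len,
                                             uint8_t out[CERT_BUF_SIZE])
{
    struct boot_hdr h;
    if (img_len < sizeof h) return PARSE_TOO_SHORT;
    memcpy(&h, img, sizeof h);
    if (h.magic != BOOT_MAGIC) return PARSE_BAD_MAGIC;
    memcpy(out, img + sizeof h, h.cert_len);   /* no bound on h.cert_len */
    return PARSE_OK;
}

/* Hardened: every length read from the image is checked against both the
 * destination buffer and the bytes actually present before any copy. */
static enum parse_result copy_cert_checked(const uint8_t *img, size_t img_len,
                                           uint8_t out[CERT_BUF_SIZE])
{
    struct boot_hdr h;
    if (img_len < sizeof h) return PARSE_TOO_SHORT;
    memcpy(&h, img, sizeof h);
    if (h.magic != BOOT_MAGIC) return PARSE_BAD_MAGIC;
    if (h.cert_len > CERT_BUF_SIZE) return PARSE_LEN_OVERSIZED;  /* destination bound */
    if (h.cert_len > img_len - sizeof h) return PARSE_TOO_SHORT; /* source bound; cannot wrap, img_len >= sizeof h */
    memcpy(out, img + sizeof h, h.cert_len);
    return PARSE_OK;
}

/* Constructs an image: header with `declared` as cert_len, then `actual`
 * filler bytes. Returns the image length, or 0 if buf is too small. */
static size_t build_image(uint8_t *buf, size_t buf_len, uint32_t declared, size_t actual)
{
    struct boot_hdr h = { BOOT_MAGIC, declared };
    if (buf_len < sizeof h + actual) return 0;
    memcpy(buf, &h, sizeof h);
    memset(buf + sizeof h, 0xA5, actual);
    return sizeof h + actual;
}

/* Runs the hardened parser over a constructed image. */
static enum parse_result check_image(uint32_t declared, size_t actual)
{
    uint8_t img[256], cert[CERT_BUF_SIZE];
    size_t n = build_image(img, sizeof img, declared, actual);
    if (n == 0) return PARSE_TOO_SHORT;
    return copy_cert_checked(img, n, cert);
}

int main(void)
{
    uint8_t img[256], cert[CERT_BUF_SIZE];
    size_t n = build_image(img, sizeof img, 32, 32);
    printf("unchecked, well-formed image:   %d\n", copy_cert_unchecked(img, n, cert));
    printf("checked, 32-byte cert:          %d\n", check_image(32, 32));   /* 0 */
    printf("checked, declares 200 bytes:    %d\n", check_image(200, 200)); /* 3 */
    printf("checked, declares 48, has 16:   %d\n", check_image(48, 16));   /* 2 */
    return 0;
}
```

The two checks in `copy_cert_checked` are the whole difference: a length taken from the image is bounded by the destination buffer and by the bytes that actually follow the header, and only then is the copy made. Because the image is parsed before any signature is verified, this check cannot rely on the signature for protection; it has to hold for arbitrary input.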

Timeline

  1. Dec 1, 2025

    Canadian Centre for Cyber Security issues advisory on Qualcomm bulletin

    On 2025-12-01, the Canadian Centre for Cyber Security published advisory AV25-797 highlighting Qualcomm's December 2025 bulletin and specifically noting CVE-2025-47372 as a critical vulnerability. The advisory urged users and administrators to review the bulletin and apply recommended updates.

  2. Dec 1, 2025

    Qualcomm publishes December 2025 security bulletin for critical flaws

    On 2025-12-01, Qualcomm released its December 2025 security bulletin addressing multiple vulnerabilities in its products, including the critical CVE-2025-47372. The bulletin recommended applying available updates to mitigate risk.


Sources

- qualcomm security bulletin (December 2, 2025)
- December 2025 Security Bulletin (December 1, 2025)

Related Stories

Hardware-Level Android Chip Vulnerabilities Enable Device Compromise

Security researchers and vendors reported **hardware/firmware-level vulnerabilities in Android chip components** that can enable deep device compromise beyond typical app-layer defenses. Ledger’s Donjon research described a flaw involving **MediaTek chip boot-chain behavior and Trustonic’s trusted execution environment (TEE)** that allowed rapid physical compromise: by connecting an affected phone to a laptop over **USB**, attackers could allegedly brute-force the PIN, decrypt storage, and extract sensitive data including messages and **cryptocurrency wallet seed phrases** (e.g., Kraken Wallet, Phantom). The researchers estimated the affected MediaTek chips appear in roughly **one-quarter of Android phones**, disproportionately in lower-cost devices. Separately, Zimperium reported active exploitation of a **Qualcomm graphics zero-day** (**CVE-2026-21385**) in targeted Android attacks, describing a memory-corruption condition that could enable code execution or unauthorized access across “hundreds” of Qualcomm chipsets. A ZDNET article on Android’s *Repair Mode* primarily provides user guidance and anecdotal troubleshooting around a buggy March update/SIM recognition issue; it does not substantively address the chip-level vulnerabilities described in the other reporting and is best treated as tangential consumer advice rather than incident or vulnerability intelligence.

1 month ago
Google March Android Security Bulletin Patches 129 Flaws Including Actively Exploited Qualcomm Display Zero-Day

Google released the March 2026 *Android Security Bulletin*, issuing fixes for **129 vulnerabilities** across the Android ecosystem and shipping two patch levels (`2026-03-01` and `2026-03-05`) to help OEMs stage platform and hardware-specific updates. The most urgent issue is **CVE-2026-21385**, a **high-severity, actively exploited** zero-day in an open-source **Qualcomm display** component used in Android devices with affected Qualcomm/Snapdragon chipsets. Reporting indicates CVE-2026-21385 is a **memory-corruption** flaw caused by an **integer overflow/wraparound** condition that can lead to memory corruption during allocation/alignment in display drivers; successful exploitation could enable device compromise (e.g., arbitrary code execution and/or privilege escalation) and bypass security boundaries. Google and Qualcomm both acknowledged **limited, targeted exploitation in the wild**, and one account attributes discovery/confirmation of exploitation to Google’s **Threat Analysis Group (TAG)**; devices not updated to at least patch level `2026-03-05` remain exposed, making rapid patch deployment and user update compliance the primary risk-reduction actions.

1 month ago
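As an added example of the integer overflow/wraparound condition this story describes, written in C and not taken from the Qualcomm display driver or from either bulletin (the 64-byte alignment, the 32-bit size type and the frame dimensions are constructed assumptions), here is the allocation-size computation in its unchecked and its overflow-checked form:

```c
/* Added illustration of integer overflow/wraparound in allocation-size
 * arithmetic, the flaw class this story attributes to CVE-2026-21385.
 * Not the Qualcomm driver's code: the 64-byte alignment, the 32-bit size
 * type and the frame dimensions are constructed for the example. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BUF_ALIGN 64u   /* hypothetical hardware alignment requirement */

/* Vulnerable pattern: width * height * bpp and the round-up to BUF_ALIGN
 * are computed in 32-bit arithmetic with no overflow check. A large frame
 * wraps to a small value, the buffer allocated from it is undersized, and
 * the driver's later writes into the frame run past its end. */
static uint32_t frame_alloc_size_unchecked(uint32_t width, uint32_t height, uint32_t bpp)
{
    uint32_t bytes = width * height * bpp;                 /* may wrap */
    return (bytes + (BUF_ALIGN - 1)) & ~(BUF_ALIGN - 1);   /* may wrap again */
}

/* Hardened: each multiply and the alignment add are checked with the
 * GCC/Clang overflow-detecting builtins; any wrap rejects the request.
 * Returns true and stores the rounded size in *out on success. */
static bool frame_alloc_size_checked(uint32_t width, uint32_t height, uint32_t bpp,
                                     uint32_t *out)
{
    uint32_t bytes, rounded;
    if (width == 0 || height == 0 || bpp == 0) return false;
    if (__builtin_mul_overflow(width, height, &bytes)) return false;
    if (__builtin_mul_overflow(bytes, bpp, &bytes)) return false;
    if (__builtin_add_overflow(bytes, BUF_ALIGN - 1, &rounded)) return false;
    *out = rounded & ~(BUF_ALIGN - 1);
    return true;
}

/* Convenience wrapper: the checked size, or -1 when the request is rejected. */
static int64_t frame_alloc_size_or_neg(uint32_t width, uint32_t height, uint32_t bpp)
{
    uint32_t n;
    return frame_alloc_size_checked(width, height, bpp, &n) ? (int64_t)n : -1;
}

int main(void)
{
    /* Constructed inputs: a normal frame, one whose byte count wraps, and
     * one where only the alignment round-up wraps. */
    struct { uint32_t w, h, bpp; } cases[] = {
        { 640, 480, 4 }, { 0x10000u, 0x10000u, 4 }, { 0xFFFFFFF0u, 1, 1 }
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        printf("%10u x %-5u x %u: unchecked=%10u checked=%lld\n",
               cases[i].w, cases[i].h, cases[i].bpp,
               frame_alloc_size_unchecked(cases[i].w, cases[i].h, cases[i].bpp),
               (long long)frame_alloc_size_or_neg(cases[i].w, cases[i].h, cases[i].bpp));
    }
    return 0;
}
```

The third case is the one that is easy to miss in review: the multiply stays in range, and it is the innocuous-looking `+ (BUF_ALIGN - 1)` that wraps, so the round-up yields 0 bytes. Checking only the multiplication would not catch it; every arithmetic step that feeds the allocator needs its own check.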
Multiple Critical Vulnerabilities Disclosed Across Major Software and Hardware Platforms

Several critical vulnerabilities have been disclosed affecting a range of widely used software frameworks and hardware platforms. Notable issues include a critical flaw in the Apache bRPC framework (CVE-2025-59789) that exposes high-performance systems to crash risks, a high-severity unauthenticated XXE vulnerability in GeoServer (CVE-2025-58360) enabling file theft and SSRF, and a critical SQL injection vulnerability in Devolutions Server (CVE-2025-13757) that allows authenticated attackers to steal all stored passwords. Additional disclosures include a proof-of-concept exploit for a Windows Administrator Protection elevation of privilege vulnerability (CVE-2025-60718), a critical boot process compromise in Snapdragon 8 Gen 3 and 5G modems (CVE-2025-47372), and a flaw in Apache Kvrocks that allows privilege escalation via the 'RESET' command. A separate high-severity vulnerability (CVE-2025-61618) was identified in Unisoc T8100/T9100/T8200/T8300 chipsets, affecting Android devices and allowing remote denial of service through improper input validation in the NR modem. These vulnerabilities collectively highlight the ongoing risk posed by both software and hardware flaws, with several enabling remote code execution, privilege escalation, or denial of service. Organizations using affected products should prioritize patching and mitigation efforts to reduce exposure to these critical threats.

1 month ago
