Qualcomm Applied sciences, Inc. has issued an pressing safety bulletin warning clients about a number of vital vulnerabilities affecting tens of millions of gadgets worldwide.
Essentially the most extreme flaw threatens the safe boot course of, a elementary safety mechanism that protects gadgets from malicious software program throughout startup.
The safety replace, printed immediately, addresses six high-priority vulnerabilities found in Qualcomm’s proprietary software program.
Amongst these, CVE-2025-47372 stands out as essentially the most vital risk, receiving the corporate’s highest safety score for its potential impression on the boot course of.
Crucial Boot Vulnerability Found
CVE-2025-47372 has been categorized with a “Crucial” safety score and a “Crucial” CVSS (Widespread Vulnerability Scoring System) score, indicating its extreme nature.
This vulnerability impacts the boot expertise space, which controls how gadgets begin up and cargo their working programs.
When compromised, attackers may doubtlessly bypass safety checks, set up persistent malware, or acquire unauthorized management over affected gadgets earlier than the working system even hundreds.
The flaw was found internally by Qualcomm’s safety group, demonstrating the corporate’s proactive strategy to figuring out threats.
Nevertheless, the invention raises issues about how lengthy the vulnerability could have existed in deployed gadgets earlier than detection.
Extra Safety Threats Recognized
Alongside the vital boot flaw, Qualcomm disclosed 5 different important vulnerabilities:
CVE-2025-47319 impacts the HLOS (Excessive-Stage Working System) with a vital safety score, although its CVSS score is medium. This inside discovery may impression gadget working system performance.
CVE-2025-47325 targets TZ Firmware and was reported by exterior safety researchers Niek Timmers and Cristofaro Mune from Raelize on September 3, 2025. This high-rated vulnerability demonstrates the worth of collaboration between producers and unbiased researchers.
Extra high-severity flaws have been present in audio programs (CVE-2025-47323), DSP companies (CVE-2025-47350), and digicam performance (CVE-2025-47387), all found internally.
Qualcomm is actively sharing safety patches with authentic tools producers (OEMs) and strongly recommends rapid deployment on all launched gadgets.
The corporate emphasised that gadget producers ought to prioritize these updates because of their high-impact nature.
Customers involved about their gadget safety ought to contact their gadget producers on to inquire about patch availability and replace schedules.
The corporate has established a devoted e-mail handle for questions associated to this safety bulletin.
This incident underscores the continued challenges going through the expertise business in sustaining gadget safety throughout advanced {hardware} and software program ecosystems.
Observe us on Google Information, LinkedIn, and X to Get On the spot Updates and Set GBH as a Most popular Supply in Google.
