{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2025-47391/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2025-47391"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2025-47391","memory corruption","qualcomm","stack-based buffer overflow"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2025-47391 is a critical memory corruption vulnerability affecting Qualcomm products. The vulnerability stems from a stack-based buffer overflow (CWE-121) triggered during the processing of a frame request. The vulnerability is detailed in the Qualcomm Security Bulletin for April 2026. A successful exploit could lead to arbitrary code execution within the context of the affected process. This vulnerability poses a significant risk to devices utilizing vulnerable Qualcomm components, potentially allowing attackers to gain unauthorized access and control. Defenders should prioritize identifying affected devices and applying necessary patches as soon as they become available.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003cp\u003eSince no specific exploit details are provided in the source, the following attack chain describes the general steps involved in exploiting a stack-based buffer overflow when processing a frame request.\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious frame request.\u003c/li\u003e\n\u003cli\u003eThe frame request is sent to the vulnerable Qualcomm component.\u003c/li\u003e\n\u003cli\u003eThe component\u0026rsquo;s software processes the frame request.\u003c/li\u003e\n\u003cli\u003eA stack-based buffer overflow occurs due to insufficient bounds checking when handling the request.\u003c/li\u003e\n\u003cli\u003eThe attacker overwrites adjacent memory on the stack, including return addresses.\u003c/li\u003e\n\u003cli\u003eUpon function return, execution is redirected to attacker-controlled code.\u003c/li\u003e\n\u003cli\u003eThe attacker executes arbitrary code, potentially gaining control of the device.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2025-47391 can lead to arbitrary code execution, potentially allowing an attacker to gain complete control over the affected device. Given the widespread use of Qualcomm components in mobile devices and other embedded systems, the impact could be significant, affecting a large number of users. The memory corruption vulnerability could allow for data theft, device compromise, and denial of service.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor network traffic for suspicious frame requests targeting Qualcomm-based devices, and deploy the network connection rule below to detect unusual outbound activity after potential exploitation.\u003c/li\u003e\n\u003cli\u003eAnalyze process memory for unusual code execution patterns, and implement the process creation rule to detect unexpected processes being launched.\u003c/li\u003e\n\u003cli\u003eReview and apply the security updates provided in the Qualcomm Security Bulletin for April 2026 to patch CVE-2025-47391.\u003c/li\u003e\n\u003cli\u003eMonitor for registry modifications indicative of persistence, using the registry_set rule below to detect unusual registry changes.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-06T16:16:27Z","date_published":"2026-04-06T16:16:27Z","id":"/briefs/2026-04-cve-2025-47391/","summary":"CVE-2025-47391 is a memory corruption vulnerability due to a stack-based buffer overflow (CWE-121) while processing a frame request, as detailed in the Qualcomm security bulletin for April 2026, potentially leading to arbitrary code execution.","title":"CVE-2025-47391 Qualcomm Memory Corruption Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-cve-2025-47391/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2025-47391","version":"https://jsonfeed.org/version/1.1"}