{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/satellite-data/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2025-47392"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2025-47392","memory corruption","satellite data"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2025-47392 is a memory corruption vulnerability found in software that decodes satellite data files. The vulnerability is triggered when processing corrupted data files containing invalid signature offsets. Qualcomm, Inc. reported this vulnerability, highlighting its potential impact on systems relying on satellite data processing. Successfully exploiting this issue could lead to arbitrary code execution or denial-of-service conditions. This vulnerability affects systems using the vulnerable decoding software. Defenders should investigate the Qualcomm security bulletin for affected product details.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003cp\u003eSince exploitation details are not public, the following attack chain is a hypothetical reconstruction based on similar memory corruption vulnerabilities.\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious satellite data file with a corrupted signature offset.\u003c/li\u003e\n\u003cli\u003eThe attacker delivers the crafted data file to a vulnerable system via an adjacent network (AV:A).\u003c/li\u003e\n\u003cli\u003eThe vulnerable software attempts to decode the corrupted satellite data file.\u003c/li\u003e\n\u003cli\u003eDuring the decoding process, the invalid signature offset is used to access memory.\u003c/li\u003e\n\u003cli\u003eAn integer overflow or wraparound (CWE-190) occurs when calculating the memory address.\u003c/li\u003e\n\u003cli\u003eThe software attempts to write data to an arbitrary memory location due to the corrupted offset.\u003c/li\u003e\n\u003cli\u003eMemory corruption occurs, potentially overwriting critical data or code.\u003c/li\u003e\n\u003cli\u003eThe corrupted memory leads to arbitrary code execution or a denial-of-service condition.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2025-47392 can lead to memory corruption, potentially resulting in arbitrary code execution or a denial-of-service condition. The affected systems likely include devices and infrastructure that rely on decoding satellite data. The vulnerability has a CVSS v3.1 base score of 8.8, indicating a high severity. The specific number of affected devices is currently unknown but could be substantial given the widespread use of satellite data.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor network traffic for attempts to deliver malformed satellite data files to systems using vulnerable decoding software. Enable network connection logging to detect this activity.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Satellite Data Decoding Memory Corruption Attempt\u003c/code\u003e to identify processes attempting to decode potentially malicious data files.\u003c/li\u003e\n\u003cli\u003eInvestigate and patch vulnerable systems identified in the Qualcomm security bulletin to remediate CVE-2025-47392.\u003c/li\u003e\n\u003cli\u003eMonitor processes for unexpected memory access patterns that may indicate exploitation attempts resulting from this vulnerability.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-06T16:16:28Z","date_published":"2026-04-06T16:16:28Z","id":"/briefs/2026-04-cve-2025-47392/","summary":"CVE-2025-47392 describes a memory corruption vulnerability that occurs when decoding corrupted satellite data files with invalid signature offsets, reported by Qualcomm, Inc.","title":"Memory Corruption Vulnerability in Satellite Data Decoding (CVE-2025-47392)","url":"https://feed.craftedsignal.io/briefs/2026-04-cve-2025-47392/"}],"language":"en","title":"CraftedSignal Threat Feed — Satellite Data","version":"https://jsonfeed.org/version/1.1"}