Vulnerability Report

CVE-2025-47406

Title: Information Disclosure via IOCTL handler callbacks

Info Disclosure

Proof Of Concept

No public PoC currently indexed for CVE-2025-47406.

CWE Category CWE-125
Published Date May 04, 2026
Modified Date May 06, 2026
Exploit Status Not Found
Score 6.1 CVSS v3.1
Exploit Probability (EPSS)
0.01%

Vulnerability Summary

CVE-2025-47406: Information Disclosure while processing IOCTL handler callbacks without verifying buffer size.

Impacted Vendors

Q
qualcomm 31

Reference Links

https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2026-bulletin.html
CVSS v3.1
Source Entity [email protected]
Severity MEDIUM
6.1
Attack Vector
LOCAL
Complexity
LOW
Privileges
N/A
Interaction
NONE
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
UNCHANGED
RAW VECTOR CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
CVSS v3.1
Source Entity [email protected]
Severity MEDIUM
5.5
Attack Vector
LOCAL
Complexity
LOW
Privileges
N/A
Interaction
NONE
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
UNCHANGED
RAW VECTOR CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2025-47406 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

MODIFIED

Vulnerability data updated via NVD.

Attack Vector Matrix

Access Vector LOCAL
Complexity LOW
Privileges N/A
Interaction NONE
CVSS Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

Affected Stack

No specific products linked.