CVE-2025-47369

MEDIUM

Qualcomm AR8035 Firmware - Information Disclosure via Weak Session ID Hash in IOCTL Response

Title source: llm

Information disclosure when a weak hashed value is returned to userland code in response to a IOCTL call to obtain a session ID.

Core 1

Core References

Patch, Vendor Advisory

CVSS v3 5.5

EPSS 0.0002

EPSS Percentile 4.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

CWE

CWE-200

Status published

Products (50)

qualcomm/ar8035_firmware

qualcomm/csra6620_firmware

qualcomm/csra6640_firmware

qualcomm/fastconnect_6200_firmware

qualcomm/fastconnect_6700_firmware

qualcomm/fastconnect_6800_firmware

qualcomm/fastconnect_6900_firmware

qualcomm/fastconnect_7800_firmware

qualcomm/flight_rb5_5g_platform_firmware

qualcomm/mdm9628_firmware

... and 40 more

Published Jan 07, 2026

Tracked Since Feb 18, 2026