Qualcomm Technologies, Inc. has issued an urgent security bulletin warning customers about multiple critical vulnerabilities affecting millions of devices worldwide.
The most severe flaw threatens the secure boot process, a fundamental security mechanism that protects devices from malicious software during startup.
The security update, published today, addresses six high-priority vulnerabilities discovered in Qualcomm’s proprietary software.
Among these, CVE-2025-47372 stands out as the most critical threat, receiving the company’s highest security rating for its potential impact on the boot process.
Critical Boot Vulnerability Discovered
CVE-2025-47372 has been classified with a “Critical” security rating and a “Critical” CVSS (Common Vulnerability Scoring System) rating, indicating its severe nature.
This vulnerability affects the boot technology area, which controls how devices start up and load their operating systems.
If the boot process is compromised, attackers could potentially bypass security checks, install persistent malware, or gain unauthorized control over affected devices before the operating system even loads.
The flaw was discovered internally by Qualcomm’s security team, demonstrating the company’s proactive approach to identifying threats.
However, the discovery raises concerns about how long the vulnerability may have existed in deployed devices before detection.
Additional Security Threats Identified
Alongside the critical boot flaw, Qualcomm disclosed five other significant vulnerabilities:
CVE-2025-47319 affects the HLOS (High-Level Operating System) and carries a critical security rating, though its CVSS rating is medium. Discovered internally, this flaw could impact device operating system functionality.
CVE-2025-47325 targets TZ Firmware and was reported by external security researchers Niek Timmers and Cristofaro Mune from Raelize on September 3, 2025. This high-rated vulnerability demonstrates the value of collaboration between manufacturers and independent researchers.
Additional high-severity flaws were found in audio systems (CVE-2025-47323), DSP services (CVE-2025-47350), and camera functionality (CVE-2025-47387), all discovered internally.
Qualcomm is actively sharing security patches with original equipment manufacturers (OEMs) and strongly recommends immediate deployment on all released devices.
The company emphasized that device manufacturers should prioritize these updates due to their high-impact nature.
Users concerned about their device security should contact their device manufacturers directly to inquire about patch availability and update schedules.
The company has established a dedicated email address for questions related to this security bulletin.
This incident underscores the ongoing challenges facing the technology industry in maintaining device security across complex hardware and software ecosystems.
