CVE-2025-47383 Overview
CVE-2025-47383 is a cryptographic vulnerability affecting a wide range of Qualcomm firmware and hardware products. The vulnerability stems from weak configuration settings that can lead to cryptographic issues when a Voice over Wi-Fi (VoWiFi) call is triggered from the User Equipment (UE). This affects numerous Qualcomm chipsets used in mobile devices, automotive systems, IoT platforms, and wireless connectivity modules.
The vulnerability could allow an attacker with high privileges to compromise the confidentiality, integrity, and availability of affected systems through network-based attacks. Given the widespread deployment of affected Qualcomm products across smartphones, wearables, automotive platforms, and IoT devices, the potential impact surface is substantial.
Critical Impact
A network-accessible attacker with high privileges could exploit weak cryptographic configurations during VoWiFi call initiation to compromise device security, potentially exposing sensitive voice communications and system data.
Affected Products
- Qualcomm Snapdragon Mobile Platforms (4 Gen 1/2, 6 Gen 1/3/4, 7 Gen 1, 7+ Gen 2, 8 Gen 1/2/3, 8 Elite series)
- Qualcomm Snapdragon 5G Modem-RF Systems (X32, X35, X53, X55, X65, X70, X72, X75, X80)
- Qualcomm FastConnect Series (6200, 6700, 6800, 6900, 7800)
- Qualcomm Snapdragon Compute Platforms (7c, 7c Gen 2, 7c+ Gen 3, 8c, 8cx, 8cx Gen 2)
- Qualcomm Snapdragon Automotive Platforms (820 Automotive, Auto 4G/5G Modem-RF)
- Qualcomm Wearable Platforms (1100, 1200, W5+ Gen 1)
- Qualcomm Vision Intelligence Platforms (100, 200, 400)
- Qualcomm WCN Series WiFi/Bluetooth Chips
- Qualcomm QCA Series Wireless Connectivity Chips
Discovery Timeline
- March 2, 2026 - CVE-2025-47383 published to NVD
- March 4, 2026 - Last updated in NVD database
Technical Details for CVE-2025-47383
Vulnerability Analysis
This vulnerability is classified under CWE-325 (Missing Cryptographic Step), indicating that a required cryptographic operation is missing or improperly implemented in the VoWiFi call handling process. When a VoWiFi call is initiated from the User Equipment, the weak configuration allows potential cryptographic protections to be bypassed or degraded.
VoWiFi (Voice over Wi-Fi) relies on IPsec tunnels to secure voice communications over untrusted Wi-Fi networks. The vulnerability appears to affect the cryptographic setup or negotiation phase when establishing these secure tunnels, potentially allowing an attacker to exploit the weak configuration to intercept or manipulate voice traffic.
The attack requires high privileges and network access, but does not require user interaction. A successful exploit could impact confidentiality, integrity, and availability of the affected system and its communications.
Root Cause
The root cause is a weak configuration in the VoWiFi implementation that leads to missing or improper cryptographic operations. This weak configuration may result in:
- Insufficient key strength during session establishment
- Missing validation of cryptographic parameters
- Improper implementation of the IPsec tunnel security mechanisms
- Weak cipher suite selection or negotiation flaws
The vulnerability affects firmware-level components responsible for handling secure voice communications over Wi-Fi networks.
Attack Vector
An attacker exploiting this vulnerability would need:
- Network access to the target device's Wi-Fi environment
- High-level privileges (administrative or system-level access)
- The ability to intercept or manipulate network traffic during VoWiFi call initiation
The attack could potentially allow the attacker to:
- Downgrade cryptographic protections during VoWiFi session establishment
- Intercept voice communications that should be encrypted
- Manipulate cryptographic parameters to weaken security
- Cause denial of service by disrupting the secure channel establishment
Due to the nature of this vulnerability, specific exploitation details involve firmware-level cryptographic operations. For technical details, refer to the Qualcomm March 2026 Security Bulletin.
Detection Methods for CVE-2025-47383
Indicators of Compromise
- Unexpected failures or anomalies during VoWiFi call establishment
- Unusual IPsec tunnel negotiation patterns or cipher suite downgrade attempts
- Network traffic indicating weak or unexpected cryptographic parameters during VoWiFi sessions
- System logs showing cryptographic errors or warnings related to VoWiFi functionality
Detection Strategies
- Monitor network traffic for unusual IPsec tunnel establishment patterns related to VoWiFi
- Implement network intrusion detection rules to identify potential cryptographic downgrade attacks
- Analyze device logs for VoWiFi-related cryptographic errors or configuration anomalies
- Deploy firmware version monitoring to identify devices running vulnerable firmware versions
Monitoring Recommendations
- Enable enhanced logging for VoWiFi and IPsec-related events on affected devices
- Monitor for firmware update availability from device manufacturers and apply promptly
- Implement network-level visibility into VoWiFi traffic patterns where possible
- Establish baseline behavior for VoWiFi calls to detect anomalous cryptographic negotiations
How to Mitigate CVE-2025-47383
Immediate Actions Required
- Review device inventory to identify affected Qualcomm-powered devices including smartphones, tablets, automotive systems, IoT devices, and wearables
- Contact device manufacturers for firmware update availability and deployment timelines
- Consider temporarily disabling VoWiFi functionality on critical devices until patches are available
- Implement network segmentation to limit exposure of affected devices
Patch Information
Qualcomm has disclosed this vulnerability in their March 2026 Security Bulletin. Device manufacturers using affected Qualcomm chipsets are responsible for integrating these fixes and distributing firmware updates to end users.
Organizations should:
- Monitor the Qualcomm March 2026 Security Bulletin for update information
- Work with device vendors to obtain and deploy updated firmware
- Prioritize patching for devices handling sensitive communications
- Coordinate with mobile device management (MDM) solutions for enterprise device updates
Workarounds
- Disable VoWiFi (Wi-Fi Calling) functionality on affected devices until firmware updates are available
- Use traditional cellular voice calls instead of VoWiFi where possible
- Implement additional network-level security controls for Wi-Fi environments
- Restrict high-privilege access to affected devices to reduce exploitation risk
# Example: Verify device firmware version on Android
adb shell getprop ro.build.fingerprint
adb shell getprop ro.board.platform
# Check for VoWiFi configuration (device-specific)
adb shell settings get global vowifi_enabled
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
