Skip to main content
Live Webinar with SANS (June 25)— Agentic CTI Automation for Fun & ProfitRegister Free
Mallory
Back to vulnerabilities
Medium

Information disclosure in Qualcomm closed-source TA-to-TA communication APIs exposed to HLOS

IdentifiersCVE-2025-47319CWE-200

CVE-2025-47319 is a critical information disclosure vulnerability in a Qualcomm closed-source component addressed in the December 2025 Android Security Bulletin at the 2025-12-05 patch level. The available description states that the issue arises from exposing internal trusted-application-to-trusted-application (TA-to-TA) communication APIs to the High Level OS (HLOS). This exposure can break intended trust boundaries between secure-world trusted applications and the normal-world operating system, allowing information from internal secure communication interfaces to be disclosed to HLOS. Publicly available material in the provided content does not identify the specific affected function, interface, chipset, or code path beyond this summary.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can result in disclosure of sensitive information from Qualcomm secure/closed-source components by making internal TA-to-TA communication interfaces accessible from HLOS. Because TA-to-TA interfaces are intended for internal trusted execution environment communication, exposing them to HLOS may leak protected data, implementation details, or other sensitive information across a security boundary. The provided content does not establish code execution or privilege escalation for this CVE, only information disclosure.

Mitigation

If you can’t patch tonight, do this now.

Until patched firmware is deployed, mitigation options are limited because the issue affects a Qualcomm closed-source component. Reduce exposure by prioritizing vendor/OEM security updates, limiting use of affected devices in high-risk environments, and enforcing rapid update compliance across managed fleets. Where possible, prefer devices confirmed to have the 2025-12-05 patch level or vendor-equivalent firmware containing Qualcomm’s December 2025 fixes.

Remediation

Patch, then assume compromise.

Apply the Qualcomm-provided fix included in the December 2025 Android security updates, and ensure devices receive an Android security patch level of 2025-12-05 or later, as that patch level includes vendor-specific fixes such as Qualcomm closed-source component issues. OEMs should integrate the corresponding Qualcomm closed-source patches into device firmware updates and verify that affected Qualcomm components are updated as part of the vendor image.
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType
QualcommAr8035 Firmwareoperating_system
QualcommFastconnect 6200 Firmwareoperating_system
QualcommFastconnect 6700 Firmwareoperating_system
QualcommFastconnect 6900 Firmwareoperating_system
QualcommFastconnect 7800 Firmwareoperating_system
QualcommQam8255p Firmwareoperating_system
QualcommQam8295p Firmwareoperating_system
QualcommQam8620p Firmwareoperating_system
QualcommQam8650p Firmwareoperating_system
QualcommQam8775p Firmwareoperating_system
QualcommQamsrv1h Firmwareoperating_system
QualcommQamsrv1m Firmwareoperating_system
QualcommQca6174a Firmwareoperating_system
QualcommQca6574 Firmwareoperating_system
QualcommQca6574a Firmwareoperating_system
QualcommQca6574au Firmwareoperating_system
QualcommQca6584au Firmwareoperating_system
QualcommQca6595 Firmwareoperating_system
QualcommQca6595au Firmwareoperating_system
QualcommQca6678aq Firmwareoperating_system
QualcommQca6688aq Firmwareoperating_system
QualcommQca6696 Firmwareoperating_system
QualcommQca6698aq Firmwareoperating_system
QualcommQca6797aq Firmwareoperating_system
QualcommQca8081 Firmwareoperating_system
QualcommQca8337 Firmwareoperating_system
QualcommQcc710 Firmwareoperating_system
QualcommQcm5430 Firmwareoperating_system
QualcommQcm6490 Firmwareoperating_system
QualcommQcn6224 Firmwareoperating_system
QualcommQcn6274 Firmwareoperating_system
QualcommQcs5430 Firmwareoperating_system
QualcommQcs6490 Firmwareoperating_system
QualcommQdu1010 Firmwareoperating_system
QualcommQdx1010 Firmwareoperating_system
QualcommQdx1011 Firmwareoperating_system
QualcommQep8111 Firmwareoperating_system
QualcommQfw7114 Firmwareoperating_system
QualcommQfw7124 Firmwareoperating_system
QualcommQmp1000 Firmwareoperating_system
QualcommSa6145p Firmwareoperating_system
QualcommSa6150p Firmwareoperating_system
QualcommSa6155p Firmwareoperating_system
QualcommSa7255p Firmwareoperating_system
QualcommSa7775p Firmwareoperating_system
QualcommSa8145p Firmwareoperating_system
QualcommSa8150p Firmwareoperating_system
QualcommSa8155p Firmwareoperating_system
QualcommSa8195p Firmwareoperating_system
QualcommSa8255p Firmwareoperating_system
QualcommSa8295p Firmwareoperating_system
QualcommSa8540p Firmwareoperating_system
QualcommSa8620p Firmwareoperating_system
QualcommSa8650p Firmwareoperating_system
QualcommSa8770p Firmwareoperating_system
QualcommSa8775p Firmwareoperating_system
QualcommSa9000p Firmwareoperating_system
QualcommSc8380xp Firmwareoperating_system
QualcommSm4635 Firmwareoperating_system
QualcommSm6475 Firmwareoperating_system
QualcommSm6650 Firmwareoperating_system
QualcommSm6650p Firmwareoperating_system
QualcommSm7435 Firmwareoperating_system
QualcommSm7635 Firmwareoperating_system
QualcommSm7635p Firmwareoperating_system
QualcommSm7675 Firmwareoperating_system
QualcommSm7675p Firmwareoperating_system
QualcommSm8635 Firmwareoperating_system
QualcommSm8635p Firmwareoperating_system
QualcommSm8650q Firmwareoperating_system
QualcommSm8735 Firmwareoperating_system
QualcommSm8750 Firmwareoperating_system
QualcommSm8750p Firmwareoperating_system
QualcommSnapdragon 4 Gen 2 Mobile Platform Firmwareoperating_system
QualcommSnapdragon 6 Gen 1 Mobile Platform Firmwareoperating_system
QualcommSnapdragon 8 Gen 3 Mobile Platform Firmwareoperating_system
QualcommSnapdragon Ar1 Gen 1 Platform "Luna1" Firmwareoperating_system
QualcommSnapdragon Ar1 Gen 1 Platform Firmwareoperating_system
QualcommSnapdragon Ar2 Gen 1 Platform Firmwareoperating_system
QualcommSnapdragon Auto 5g Modem-Rf Gen 2 Firmwareoperating_system
QualcommSnapdragon X32 5g Modem-Rf System Firmwareoperating_system
QualcommSnapdragon X35 5g Modem-Rf System Firmwareoperating_system
QualcommSnapdragon X72 5g Modem-Rf System Firmwareoperating_system
QualcommSnapdragon X75 5g Modem-Rf System Firmwareoperating_system
QualcommSrv1h Firmwareoperating_system
QualcommSrv1l Firmwareoperating_system
QualcommSrv1m Firmwareoperating_system
QualcommSsg2115p Firmwareoperating_system
QualcommSsg2125p Firmwareoperating_system
QualcommSxr1230p Firmwareoperating_system
QualcommSxr2230p Firmwareoperating_system
QualcommSxr2250p Firmwareoperating_system
QualcommVideo Collaboration Vc3 Platform Firmwareoperating_system
QualcommWcd9340 Firmwareoperating_system
QualcommWcd9370 Firmwareoperating_system
QualcommWcd9375 Firmwareoperating_system
QualcommWcd9378 Firmwareoperating_system
QualcommWcd9380 Firmwareoperating_system
QualcommWcd9385 Firmwareoperating_system
QualcommWcd9390 Firmwareoperating_system
QualcommWcd9395 Firmwareoperating_system
QualcommWcn3950 Firmwareoperating_system
QualcommWcn3988 Firmwareoperating_system
QualcommWcn6650 Firmwareoperating_system
QualcommWcn6755 Firmwareoperating_system
QualcommWcn7750 Firmwareoperating_system
QualcommWcn7860 Firmwareoperating_system
QualcommWcn7861 Firmwareoperating_system
QualcommWcn7880 Firmwareoperating_system
QualcommWcn7881 Firmwareoperating_system
QualcommWsa8810 Firmwareoperating_system
QualcommWsa8815 Firmwareoperating_system
QualcommWsa8830 Firmwareoperating_system
QualcommWsa8832 Firmwareoperating_system
QualcommWsa8835 Firmwareoperating_system
QualcommWsa8840 Firmwareoperating_system
QualcommWsa8845 Firmwareoperating_system
QualcommWsa8845h Firmwareoperating_system

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

8 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

8 SOURCESView more in app
bleeping computerNews
Dec 2, 2025
Google fixes two Android zero days exploited in attacks, 107 flaws

A critical vulnerability affecting Qualcomm-powered Android devices, details unspecified but fixed in the December 2025 update.

Read more
cyberthroneNews
Dec 2, 2025
Android Patch Update December 2025

Critical Qualcomm closed-source component vulnerability referenced as addressed in Qualcomm’s December 2025 bulletin (vendor/OEM patch dependent).

Read more
security online infoNews
Dec 2, 2025
Android Emergency: Critical DoS Flaw and 2 Exploited Zero-Days in Framework Require Immediate Patch

A critical vulnerability in Qualcomm closed-source components addressed as part of the December 2025 Android security updates.

Read more
socradar blogNews
Dec 2, 2025
December 2025 Android Security Bulletin: Two Zero-Day Flaws Exploited

Qualcomm closed-source component vulnerability (severity described as critical/high in aggregate) referenced as fixed in the December 2025 Android bulletin; details deferred to Qualcomm advisories.

Read more
+1 more in the timeline
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity3

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2025-47319
NVD
nvd.nist.gov/vuln/detail/CVE-2025-47319
MITRE CWE · CWE-200
cwe.mitre.org
Vendor Advisory
docs.qualcomm.com/product/publicresources/securitybulletin/december-2025-bulletin.html