CVE-2025-47370

high-risk

Published 2025-11-04

Transient DOS when a remote device sends an invalid connection request during BT connectable LE scan.

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

ADJACENT_NETWORK / LOW complexity

Ar8035 Firmware

Csrb31024 Firmware

Fastconnect 6700 Firmware

Fastconnect 6900 Firmware

Fastconnect 7800 Firmware

Sm8550P Firmware

Sm8635 Firmware

Sm8635P Firmware

Sm8650Q Firmware

Sm8735 Firmware

Sm8750 Firmware

Sm8750P Firmware

Snapdragon 778G 5G Mobile Platform Firmware

Snapdragon 778G\+ 5G Mobile Platform \(Sm7325-Ae\) Firmware

Snapdragon 782G Mobile Platform \(Sm7325-Af\) Firmware

Snapdragon 7C\+ Gen 3 Compute Firmware

Snapdragon 8 Gen 2 Mobile Platform Firmware

Snapdragon 8 Gen 3 Mobile Platform Firmware

Snapdragon 8\+ Gen 2 Mobile Platform Firmware

Snapdragon Ar1 Gen 1 Platform Firmware

Qualcomm

Vendor Advisory https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2025...

/ 100

high-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 32/34 · Critical