
The most severe flaw directly threatens the secure boot process, a fundamental security mechanism that protects devices from malicious software during startup.
The security update, released today, addresses six high-priority vulnerabilities in Qualcomm’s proprietary software.
CVE-2025-47372 is the most critical threat, earning the company’s highest security rating due to its potential to compromise the entire boot process.
The Critical Boot Vulnerability
CVE-2025-47372 has been classified with a “Critical” security rating and matching CVSS score, highlighting its severe nature.
This vulnerability affects the boot technology area, which controls how devices start up and load their operating systems.
When exploited, attackers could bypass security checks, install persistent malware, or gain unauthorized control over affected devices before the operating system even loads.
Qualcomm’s internal security team discovered the flaw, demonstrating the company’s proactive approach to threat identification.
However, the discovery raises concerns about how long this vulnerability may have existed in deployed devices before it was detected.
Additional Security Threats Identified
Five additional significant vulnerabilities were disclosed alongside the critical boot flaw. CVE-2025-47319 affects the HLOS (High-Level Operating System) and carries a vital security rating, though its CVSS score is medium; it could impact device operating system functionality.
CVE-2025-47325 targets TZ Firmware and was reported by external security researchers Niek Timmers and Cristofaro Mune from Raelize on September 3, 2025.
This discovery demonstrates the value of collaboration between manufacturers and independent researchers.
Additional high-severity flaws were identified in audio systems (CVE-2025-47323), DSP services (CVE-2025-47350), and camera functionality (CVE-2025-47387), all discovered through internal research.
Qualcomm is actively sharing security patches with original equipment manufacturers and strongly recommends immediate deployment on all released devices. Device manufacturers should prioritize these updates given their high-impact nature.
Users concerned about their device security should contact their device manufacturers directly to inquire about patch availability and update schedules.
Qualcomm has established a dedicated email address for questions related to this security bulletin.
This incident underscores the ongoing challenges facing the technology industry in maintaining device security across complex hardware and software ecosystems.
As devices become increasingly interconnected, vulnerabilities in core security mechanisms, such as the boot process, pose significant risks to millions of users worldwide.
The post Qualcomm Warns of Critical Vulnerabilities that Compromise the Boot Process appeared first on Cyber Security News.
