cbcvebase.
CVE-2025-21479
published 2025-06-03

CVE-2025-21479: Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

PriorityP182high8.6CVSS 3.1
AVLACLPRNUIRSCCHIHAH
KEVITWEXPLOIT
CISA Known Exploited Vulnerabilitydue 2025-06-24
Exploited in the wild
EPSS
0.66%
47.1th percentile
Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

Affected

76 ranges· showing 25
VendorProductVersion rangeFixed in
googleandroid
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2025-21479 is actively exploited in limited, targeted attacks per Google Threat Analysis Group (TAG); prioritize detection on Android devices with Qualcomm Adreno GPU chipsets
  • The vulnerability is an incorrect authorization weakness in the Adreno GPU driver (Graphics framework) triggered by a specific sequence of commands sent to the GPU micronode, resulting in memory corruption; monitor for anomalous GPU command sequences or privilege escalation from GPU driver context
  • Android Security Bulletin 2025-08-01 tracks this as a CRITICAL closed-source component vulnerability under Android reference A-415772610; use this reference to verify patch status on managed Android devices
  • CISA added CVE-2025-21479 to its Known Exploited Vulnerabilities catalog on June 3rd with a remediation deadline of June 24, 2025; unpatched federal/enterprise Android devices should be treated as high-priority targets
  • Patches were made available to OEMs in May 2025 and integrated into Android's August 2025-08-05 security patch level; devices not yet on this patch level remain vulnerable and should be flagged in asset inventory
  • ·Exploitation is described as 'limited, targeted' — not widespread commodity exploitation; detections should be tuned to avoid alert fatigue while still flagging suspicious GPU driver activity on high-value targets
  • ·The 2025-08-05 patch level bundles all fixes including closed-source third-party and kernel subcomponents; the 2025-08-01 level alone may NOT include the CVE-2025-21479 fix on all devices

CVSS provenance

nvdv3.18.6HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
vulncheck8.6HIGH
cisa8.6HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.