CVE-2025-21479
published 2025-06-03CVE-2025-21479: Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
PriorityP182high8.6CVSS 3.1
AVLACLPRNUIRSCCHIHAH
KEVITWEXPLOIT
CISA Known Exploited Vulnerabilitydue 2025-06-24
Exploited in the wild
EPSS
0.66%
47.1th percentile
Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
Affected
76 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2025-21479 is actively exploited in limited, targeted attacks per Google Threat Analysis Group (TAG); prioritize detection on Android devices with Qualcomm Adreno GPU chipsets ↗
- →The vulnerability is an incorrect authorization weakness in the Adreno GPU driver (Graphics framework) triggered by a specific sequence of commands sent to the GPU micronode, resulting in memory corruption; monitor for anomalous GPU command sequences or privilege escalation from GPU driver context ↗
- →Android Security Bulletin 2025-08-01 tracks this as a CRITICAL closed-source component vulnerability under Android reference A-415772610; use this reference to verify patch status on managed Android devices ↗
- →CISA added CVE-2025-21479 to its Known Exploited Vulnerabilities catalog on June 3rd with a remediation deadline of June 24, 2025; unpatched federal/enterprise Android devices should be treated as high-priority targets ↗
- →Patches were made available to OEMs in May 2025 and integrated into Android's August 2025-08-05 security patch level; devices not yet on this patch level remain vulnerable and should be flagged in asset inventory ↗
- ·Exploitation is described as 'limited, targeted' — not widespread commodity exploitation; detections should be tuned to avoid alert fatigue while still flagging suspicious GPU driver activity on high-value targets ↗
- ·The 2025-08-05 patch level bundles all fixes including closed-source third-party and kernel subcomponents; the 2025-08-01 level alone may NOT include the CVE-2025-21479 fix on all devices ↗
CVSS provenance
nvdv3.18.6HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
vulncheck8.6HIGH
cisa8.6HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-vmqr-hrfr-7527: Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands
ghsa_unreviewed·2025-06-03
CVE-2025-21479 [HIGH] CWE-863 GHSA-vmqr-hrfr-7527: Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands
Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
VulnCheck
Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability
vulncheck·2025·CVSS 8.6
CVE-2025-21479 [HIGH] CWE-863 Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability
Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability
Multiple Qualcomm chipsets contain an incorrect authorization vulnerability. This vulnerability allows for memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
Affected: Qualcomm Multiple Chipsets
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilitie
Android
CVE-2025-21479: Closed-source component
vendor_android·2025-08-01·CVSS 8.6
CVE-2025-21479 [HIGH] CVE-2025-21479: Closed-source component
Android Security Bulletin 2025-08-01
CVE: CVE-2025-21479
Severity: CRITICAL
Component: Closed-source component
References: A-415772610
*
CISA
Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability
cisa·2025-06-03·CVSS 8.6
CVE-2025-21479 [HIGH] CWE-863 Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability
Vulnerability: Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability
Affected: Qualcomm Multiple Chipsets
Multiple Qualcomm chipsets contain an incorrect authorization vulnerability. This vulnerability allows for memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: Please check with specific vendors (OEMs,) for information on patching status. For more information, please see: https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-21479
Remediat
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Android gets patches for Qualcomm flaws exploited in attacks
blogs_bleepingcomputer·2025-08-05·CVSS 7.8
CVE-2025-21479 [HIGH] Android gets patches for Qualcomm flaws exploited in attacks
## Android gets patches for Qualcomm flaws exploited in attacks
## Sergiu Gatlan
Google has now integrated the patches announced by Qualcomm in June , when the wireless tech giant warned that "There are indications from Google Threat Analysis Group that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 may be under limited, targeted exploitation."
"Patches for the issues affecting the Adreno Graphics Processing Unit (GPU) driver have been made available to OEMs in May together with a strong recommendation to deploy the update on affected devices as soon as possible," Qualcomm said.
CISA has also added the two security bugs to its catalog of actively exploited vulnerabilities on June 3rd, ordering federal agencies to secure their devices against ongoing attacks by June 24.
With this month
Checkpoint
9th June – Threat Intelligence Report
blogs_checkpoint·2025-06-09
CVE-2025-49113 9th June – Threat Intelligence Report
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 9th June – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 9th June, please download our Threat Intelligence Bulletin .
TOP ATTACKS AND BREACHES
American tax company, Optima Tax Relief, has disclosed a ransomware attack that resulted in the theft of 69GB of sensitive data, including corporate records and customer case files containing personal information such as Social Security numbers, phone numbers, and home addresses. The attack impacted the company’s servers in a dou
Bleepingcomputer
Qualcomm fixes three Adreno GPU zero-days exploited in attacks
blogs_bleepingcomputer·2025-06-02·CVSS 7.8
CVE-2025-21479 [HIGH] Qualcomm fixes three Adreno GPU zero-days exploited in attacks
## Qualcomm fixes three Adreno GPU zero-days exploited in attacks
## Sergiu Gatlan
Qualcomm has released security patches for three zero-day vulnerabilities in the Adreno Graphics Processing Unit (GPU) driver that impact dozens of chipsets and are actively exploited in targeted attacks.
The company says two critical flaws (tracked as CVE-2025-21479 and CVE-2025-21480 ) were reported through the Google Android Security team in late January, and a third high-severity vulnerability ( CVE-2025-27038 ) was reported in March.
The first two are both Graphics framework incorrect authorization weaknesses that can lead to memory corruption because of unauthorized command execution in the GPU micronode while executing a specific sequence of commands, while CVE-2025-27038 is a use-after-free causi
2025-06-03
Published
2025-06-03
Added to CISA KEV
Exploited in the wild