⚠ Actively exploited
Added to CISA KEV on 2025-06-03. Federal agencies required to patch by 2025-06-24. Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable..

CVE-2025-21479Incorrect Authorization in INC Snapdragon

CWE-863Incorrect Authorization7 documents6 sources
Severity
8.6HIGHNVD
EPSS
0.1%
top 64.44%
CISA KEV
KEV
Added 2025-06-03
Due 2025-06-24
Exploit
No known exploits
Affected products
2
Qualcomm INC SnapdragonGoogle Android
Timeline
PublishedJun 3
KEV addedJun 3
KEV dueJun 24
Latest updateAug 5
CISA Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 1.8 | Impact: 6.0

Affected Packages2 packages

CVEListV5qualcomm_inc/snapdragon75 versions+74

🔴Vulnerability Details

2
GHSA
GHSA-vmqr-hrfr-7527: Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands2025-06-03
VulnCheck
Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability2025

📋Vendor Advisories

2
Android
CVE-2025-21479: Closed-source component2025-08-01
CISA
Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability2025-06-03

🕵️Threat Intelligence

2
Bleepingcomputer
Android gets patches for Qualcomm flaws exploited in attacks2025-08-05
Bleepingcomputer
Qualcomm fixes three Adreno GPU zero-days exploited in attacks2025-06-02