CVE-2025-21480
published 2025-06-03
CVE-2025-21480: Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
Priority P182 · high · 8.6 (CVSS 3.1)
CVSS vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CISA Known Exploited Vulnerability · due 2025-06-24
Exploited in the wild
EPSS: 0.36% (28.0th percentile)
Affected
76 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qualcomm_inc | snapdragon | — | — |
Detection & IOCs
- CVE-2025-21480 is actively exploited in limited, targeted attacks per Google Threat Analysis Group (TAG); prioritize detection on Android devices using Qualcomm Adreno GPU chipsets
- The vulnerability is triggered via a specific sequence of commands sent to the GPU micronode through the Adreno GPU driver (Graphics framework incorrect authorization); monitor for anomalous GPU driver command sequences or privilege escalation originating from the graphics stack
- CVE-2025-21480 is classified as a Graphics framework incorrect authorization weakness; detection should focus on unauthorized command execution paths within the Adreno GPU driver kernel module
- CISA added CVE-2025-21480 to its Known Exploited Vulnerabilities catalog on June 3rd with a remediation deadline of June 24, 2025; treat unpatched Qualcomm chipset devices as high-priority targets in threat hunting
- Patches were made available to OEMs in May 2025; devices not yet updated to the 2025-08-05 Android security patch level (or equivalent OEM patch) should be considered vulnerable and monitored closely
- Exploitation is described as 'limited, targeted'; broad-based scanning for this CVE may not be observed, so focus detection efforts on high-value Android targets using Qualcomm Adreno GPU chipsets
- The Android 2025-08-05 security patch level bundles all fixes including closed-source third-party and kernel subcomponents, but may not apply to all Android devices
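A fleet triage check for the patch-level guidance above, as an added example (not part of the original page or any vendor tooling). It assumes one `adb shell getprop` capture per device and that Qualcomm-based devices report `QTI` or `Qualcomm` in `ro.soc.manufacturer`; the device names and captures are constructed.

```python
import re
from datetime import date

FIXED_SPL = date(2025, 8, 5)          # patch level the page names for the fixes
QUALCOMM_NAMES = {"qti", "qualcomm"}  # assumption: ro.soc.manufacturer values
PROP_RE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")

def parse_getprop(text):
    """Parse getprop lines of the form `[key]: [value]` into a dict."""
    props = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def triage(props):
    """Return (verdict, reason) for one device's properties."""
    soc = props.get("ro.soc.manufacturer", "").strip().lower()
    spl_raw = props.get("ro.build.version.security_patch", "")
    try:
        spl = date.fromisoformat(spl_raw)
    except ValueError:
        spl = None
    if not soc:  # property absent on older builds: do not guess the chipset
        return ("review", "SoC vendor property missing; identify chipset manually")
    if soc not in QUALCOMM_NAMES:
        return ("out-of-scope", f"SoC vendor is {soc!r}")
    if spl is None:
        return ("review", f"unparseable patch level {spl_raw!r}")
    if spl >= FIXED_SPL:
        return ("patched", f"patch level {spl} >= {FIXED_SPL}")
    # Below the named level the OEM may still have shipped an equivalent fix,
    # so this is a hunting priority, not proof of exposure.
    return ("prioritize", f"patch level {spl} < {FIXED_SPL}; confirm OEM patch")

def triage_fleet(captures):
    """Map device name -> verdict for a dict of raw getprop captures."""
    return {name: triage(parse_getprop(raw))[0] for name, raw in captures.items()}

SAMPLE = {  # constructed captures, not real devices
    "dev-a": "[ro.build.version.security_patch]: [2025-05-01]\n[ro.soc.manufacturer]: [QTI]",
    "dev-b": "[ro.build.version.security_patch]: [2025-08-05]\n[ro.soc.manufacturer]: [Qualcomm]",
    "dev-c": "[ro.build.version.security_patch]: [2025-08-01]\n[ro.soc.manufacturer]: [QTI]",
    "dev-d": "[ro.build.version.security_patch]: [2025-03-05]\n[ro.soc.manufacturer]: [Mediatek]",
    "dev-e": "[ro.build.version.security_patch]: [2025-04-05]",
}

if __name__ == "__main__":
    for name, raw in SAMPLE.items():
        print(name, *triage(parse_getprop(raw)))
```

`dev-c` shows the case that is easy to miss: a device on the 2025-08-01 level is still below 2025-08-05 and stays on the priority list.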
CVSS provenance
nvd · v3.1 · 8.6 HIGH · CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
vulncheck · 8.6 HIGH
cisa · 8.6 HIGH
GHSA
GHSA-gj4f-pc42-qxg8: Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands
ghsa_unreviewed·2025-06-03
CVE-2025-21480 [HIGH] CWE-863 GHSA-gj4f-pc42-qxg8: Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands
Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
VulnCheck
Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability
vulncheck·2025·CVSS 8.6
CVE-2025-21480 [HIGH] CWE-863 Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability
Multiple Qualcomm chipsets contain an incorrect authorization vulnerability. This vulnerability allows for memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
Affected: Qualcomm Multiple Chipsets
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilitie
CISA
Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability
cisa·2025-06-03·CVSS 8.6
CVE-2025-21480 [HIGH] CWE-863 Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability
Vulnerability: Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability
Affected: Qualcomm Multiple Chipsets
Multiple Qualcomm chipsets contain an incorrect authorization vulnerability. This vulnerability allows for memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: Please check with specific vendors (OEMs) for information on patching status. For more information, please see: https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-21480
Remediat
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Android gets patches for Qualcomm flaws exploited in attacks
blogs_bleepingcomputer·2025-08-05·CVSS 7.8
CVE-2025-21479 [HIGH] Android gets patches for Qualcomm flaws exploited in attacks
## Android gets patches for Qualcomm flaws exploited in attacks
## Sergiu Gatlan
Google has now integrated the patches announced by Qualcomm in June, when the wireless tech giant warned that "There are indications from Google Threat Analysis Group that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 may be under limited, targeted exploitation."
"Patches for the issues affecting the Adreno Graphics Processing Unit (GPU) driver have been made available to OEMs in May together with a strong recommendation to deploy the update on affected devices as soon as possible," Qualcomm said.
CISA has also added the two security bugs to its catalog of actively exploited vulnerabilities on June 3rd, ordering federal agencies to secure their devices against ongoing attacks by June 24.
With this month
Checkpoint
9th June – Threat Intelligence Report
blogs_checkpoint·2025-06-09
CVE-2025-49113 9th June – Threat Intelligence Report
## 9th June – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 9th June, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
American tax company, Optima Tax Relief, has disclosed a ransomware attack that resulted in the theft of 69GB of sensitive data, including corporate records and customer case files containing personal information such as Social Security numbers, phone numbers, and home addresses. The attack impacted the company’s servers in a dou
Bleepingcomputer
Qualcomm fixes three Adreno GPU zero-days exploited in attacks
blogs_bleepingcomputer·2025-06-02·CVSS 7.8
CVE-2025-21479 [HIGH] Qualcomm fixes three Adreno GPU zero-days exploited in attacks
## Qualcomm fixes three Adreno GPU zero-days exploited in attacks
## Sergiu Gatlan
Qualcomm has released security patches for three zero-day vulnerabilities in the Adreno Graphics Processing Unit (GPU) driver that impact dozens of chipsets and are actively exploited in targeted attacks.
The company says two critical flaws (tracked as CVE-2025-21479 and CVE-2025-21480) were reported through the Google Android Security team in late January, and a third high-severity vulnerability (CVE-2025-27038) was reported in March.
The first two are both Graphics framework incorrect authorization weaknesses that can lead to memory corruption because of unauthorized command execution in the GPU micronode while executing a specific sequence of commands, while CVE-2025-27038 is a use-after-free causi
2025-06-03: Published
2025-06-03: Added to CISA KEV
Exploited in the wild