⚠ Actively exploited
Added to CISA KEV on 2025-06-03. Federal agencies required to patch by 2025-06-24. Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable..

CVE-2025-21480Incorrect Authorization in INC Snapdragon

CWE-863Incorrect Authorization6 documents5 sources
Severity
8.6HIGHNVD
EPSS
2.0%
top 16.31%
CISA KEV
KEV
Added 2025-06-03
Due 2025-06-24
Exploit
No known exploits
Affected products
1
Qualcomm INC Snapdragon
Timeline
PublishedJun 3
KEV addedJun 3
KEV dueJun 24
Latest updateAug 5
CISA Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 1.8 | Impact: 6.0

Affected Packages1 packages

CVEListV5qualcomm_inc/snapdragon76 versions+75

🔴Vulnerability Details

2
GHSA
GHSA-gj4f-pc42-qxg8: Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands2025-06-03
VulnCheck
Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability2025

📋Vendor Advisories

1
CISA
Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability2025-06-03

🕵️Threat Intelligence

2
Bleepingcomputer
Android gets patches for Qualcomm flaws exploited in attacks2025-08-05
Bleepingcomputer
Qualcomm fixes three Adreno GPU zero-days exploited in attacks2025-06-02