cbcvebase.
CVE-2025-21480
published 2025-06-03

CVE-2025-21480: Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

PriorityP182high8.6CVSS 3.1
AVLACLPRNUIRSCCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2025-06-24
Exploited in the wild
EPSS
0.36%
28.0th percentile
Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

Affected

76 ranges· showing 25
VendorProductVersion rangeFixed in
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2025-21480 is actively exploited in limited, targeted attacks per Google Threat Analysis Group (TAG); prioritize detection on Android devices using Qualcomm Adreno GPU chipsets
  • The vulnerability is triggered via a specific sequence of commands sent to the GPU micronode through the Adreno GPU driver (Graphics framework incorrect authorization); monitor for anomalous GPU driver command sequences or privilege escalation originating from the graphics stack
  • CVE-2025-21480 is classified as a Graphics framework incorrect authorization weakness; detection should focus on unauthorized command execution paths within the Adreno GPU driver kernel module
  • CISA added CVE-2025-21480 to its Known Exploited Vulnerabilities catalog on June 3rd with a remediation deadline of June 24, 2025; treat unpatched Qualcomm chipset devices as high-priority targets in threat hunting
  • Patches were made available to OEMs in May 2025; devices not yet updated to the 2025-08-05 Android security patch level (or equivalent OEM patch) should be considered vulnerable and monitored closely
  • ·Exploitation is described as 'limited, targeted' — broad-based scanning for this CVE may not be observed; focus detection efforts on high-value Android targets using Qualcomm Adreno GPU chipsets
  • ·The Android 2025-08-05 security patch level bundles all fixes including closed-source third-party and kernel subcomponents, but may not apply to all Android devices

CVSS provenance

nvdv3.18.6HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
vulncheck8.6HIGH
cisa8.6HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.