CVE-2025-21479 - PatchNow

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: USER_INTERACTION

CVE Published: 2025-06-03

Added to CISA KEV: 2025-06-03 0 DAY BETWEEN CVE AND KEV

🎯 Recommendations:

CRITICAL: Check for indicators of compromise - this vulnerability is in CISA KEV indicating active exploitation in the wild. Review device logs, check for unauthorized access, verify system integrity on affected Snapdragon devices
Apply firmware/driver updates from device manufacturers immediately
Monitor for unusual GPU-related activity or unauthorized command execution
For IoT deployments: ensure devices are not unnecessarily exposed to internet
HIGH priority patching for all affected Snapdragon-based devices

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2025-21479 is a critical security vulnerability affecting Qualcomm Adreno GPU drivers and the Qualcomm Aqt1000 firmware ^[3] ^[2].

Overview and Impact

Vulnerability Type: Memory corruption resulting from incorrect authorization and unauthorized command execution in the GPU micronode ^[1] ^[2].
Impact: Successful exploitation allows an attacker to achieve unauthorized command execution, which can lead to memory corruption, potential privilege escalation, or remote code execution (RCE) on the affected device ^[3] ^[6].

Exploitation and Threat Actors

Active Exploitation: The vulnerability has been confirmed to be actively exploited in the wild ^[2].
Threat Actor Usage: Google’s Threat Analysis Group (TAG) identified that the vulnerability was used in targeted attacks ^[2].
Ransomware: There is no specific evidence linking this vulnerability to widespread ransomware campaigns; it has primarily been associated with targeted, sophisticated exploitation ^[2].
Exploitation Requirements: Exploitation involves triggering a specific sequence of commands to the GPU micronode ^[1] ^[2]. While technical details regarding the exact attack vector (e.g., local vs. remote) are often restricted in initial disclosures, the nature of GPU driver vulnerabilities typically requires an attacker to have some level of access or interaction with the device, often facilitated through malicious applications or compromised content.

Patch and Mitigation Status

Status: This vulnerability is included in the CISA Known Exploited Vulnerabilities (KEV) Catalog, which mandates that federal agencies and organizations prioritize patching to mitigate the risk of exploitation ^[1].
Remediation: Users and administrators should apply the latest security updates provided by their device manufacturers (OEMs) or Android security patches, as these updates contain the necessary fixes for Qualcomm driver vulnerabilities ^[4].

*Note: Be careful not to confuse this with CVE-2024-21479, which is a separate, unrelated vulnerability affecting ALAC music playback ^[5].*

Sources

NVD - CVE-2025-21479
Vendor Advisory. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-21479.Reference CISA's BOD 22-01 and Known Exploited Vulnerabilities Catalog for further guidance and requirements. Vulnerability Name. Date Added. ... Memory corruption due to unauthorized command execu…
CVE-2025-21479 - Exploits & Severity - Feedly
Threat Intelligence Report. CVE-2025-21479 is a critical vulnerability in Qualcomm's Adreno GPU drivers that involves incorrect authorization, allowing unauthorized command execution and potential memory corruption. It has been confirmed to be actively exploited in targeted attacks by Google’s Threa…
CVE-2025-21479: Qualcomm Aqt1000 Firmware RCE Vulnerability - SentinelOne
CVE-2025-21479 is a remote code execution vulnerability in Qualcomm Aqt1000 Firmware caused by memory corruption in GPU micronode. This article covers the technical details, affected versions, security impact, and mitigation.
Google's August Patch Fixes Two Qualcomm ...
CVE-2025-21479 relates to an incorrect authorization vulnerability ... CVE-2025-27038 may be under limited, targeted exploitation.
CVE-2024-21479 - Exploits & Severity - Feedly
The primary impact of this vulnerability is on the availability of the affected system. An attacker could potentially exploit this vulnerability to cause a temporary denial of service, disrupting the normal operation of the device or application during ALAC music playback. This could result in appli…
CVE-2025-21479 - Memory Corruption via Unauthorized GPU Micronode ...
CVE-2025-21479 is a serious security flaw stemming from improper GPU command validation. The vulnerability lets adversaries orchestrate memory corruption via unauthorized micronode command execution—a threat vector that could allow privilege escalation or code execution.