🟢 CVE-2025-21480

Memory corruption vulnerability in Qualcomm Snapdragon GPU micronode allowing unauthorized command execution. Despite being in CISA KEV, this is a local privilege escalation requiring user interaction on mobile/IoT devices, not an internet-facing server vulnerability.

Risk Level: LOW_RISK

CVSS Score: 8.6

Attack Vector: LOCAL

ATT&CK Tactic: Privilege Escalation

ATT&CK Technique: T1068 — Exploitation for Privilege Escalation

Deployment Risk: VERY_LOW

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: USER_INTERACTION

CVE Published: 2025-06-03

Added to CISA KEV: 2025-06-03 (0 days between CVE and KEV)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2025-21480 is a critical security vulnerability affecting Qualcomm's Adreno GPU drivers [2]. Below is a summary of the known details regarding this vulnerability.

Active Exploitation and Threat Actor Usage

  • Status: The vulnerability has been confirmed as actively exploited in the wild [2].
  • Nature of Attacks: Google’s Threat Analysis Group (TAG) identified that the vulnerability was used in limited, targeted attacks [5] [1].
  • Threat Actors: While the vulnerability was used in targeted campaigns—often associated with spyware concerns—specific threat actor groups were not publicly named in the available reports [1].

Attack Method and Requirements

  • Technical Root Cause: The vulnerability is a memory corruption issue caused by unauthorized command execution within the GPU micronode when a specific sequence of commands is executed [4].
  • Exploitation Requirements: It is generally considered a local privilege escalation or component-level exploit. Because it involves the GPU driver, it typically requires the attacker to have already gained some level of execution on the device to trigger the specific command sequences required for the exploit.

Ransomware and Impact

  • Campaign Type: There is no evidence linking this vulnerability to widespread ransomware campaigns; it was specifically noted for its use in targeted, high-stakes attacks (e.g., spyware) [1].
  • Impact: Successful exploitation allows for unauthorized command execution, leading to memory corruption. This can potentially result in data breaches, privilege escalation, or further compromise of the device's security posture [2].

Proof-of-Concept and Availability

  • Publicly available, weaponized exploit code for this vulnerability is not widely distributed, consistent with its use in targeted, sophisticated attacks [1].

Affected Products and Patch Status

  • Affected Products: The vulnerability affects multiple Qualcomm chipsets that utilize the Adreno GPU architecture [3].
  • Patch Status: Qualcomm released patches for the Adreno GPU driver issues to OEMs in May 2025 [6]. These were subsequently included in broader Android security updates (notably the August 2025 security update) [1]. Users are strongly urged to ensure their device firmware and Android security patch levels are up to date [3].

Sources

  1. Google’s August Patch Fixes Two Qualcomm Vulnerabilities Exploited in ...

    There are still no details on how these shortcomings have been weaponized in real-world attacks, but Qualcomm noted at the time that "there are indications from Google Threat Analysis Group that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 may be under limited, targeted exploitation." ... Google f…

  2. CVE-2025-21480 - Exploits & Severity - Feedly

    CVEs. CVE-2025-21480. Proof of exploit Exploited in the wild. CVE-2025-21480 is a critical vulnerability in Qualcomm's Adreno GPU drivers related to incorrect authorization, allowing unauthorized command execution that can lead to memory corruption and potential data breaches. It has been confirmed to…

  3. CVE-2025-21480 - Qualcomm Multiple Chipsets Incorrect... - SecAlerts

    To fix CVE-2025-21480, users should update their devices with the latest firmware patches provided by Qualcomm. What are the potential impacts of exploiting CVE-2025-21480? CVE-2025-21480 affects multiple Qualcomm chipsets that utilize the Adreno GPU architecture. How can I mitigate the risks associa…

  4. NVD - CVE-2025-21480

    CVE-2025-21480 Detail Description Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands. ... CVE-2025-21480 Detail. Description. Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence…

  5. June 2025 Security Bulletin - Qualcomm Docs

    ... CVE-2025-21480, CVE-2025-27038 may be under limited, targeted exploitation. Patches for the issues affecting the Adreno Graphics Processing ...

  6. Any word on when Samsung will patch CVE-2025-21480? It's critical.

    Patches for the issues affecting the Adreno Graphics Processing Unit (GPU) driver have been made available to OEMs in May together with a strong ...