🟢 CVE-2025-27038

Use-after-free vulnerability in Qualcomm Adreno GPU drivers when rendering graphics in Chrome. This affects mobile devices, wearables, and IoT platforms rather than internet-facing servers. Exploitation requires user interaction to view malicious content.

← Back to Overview
LOW_RISK
Risk Level
7.5
CVSS Score
NETWORK
Attack Vector
Execution
ATT&CK Tactic
T1203 — Exploitation for Client Execution
ATT&CK Technique
VERY_LOW
Deployment Risk
No
Ransomware

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: USER_INTERACTION

CVE Published: 2025-06-03

Added to CISA KEV: 2025-06-03 0 DAY BETWEEN CVE AND KEV

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2025-27038 is a high-severity use-after-free vulnerability affecting Qualcomm Adreno GPU drivers [6] [4].

Exploitation and Threat Actor Usage
  • Active Exploitation: The vulnerability has been confirmed as actively exploited in the wild [3] [1].
  • Nature of Attacks: Exploitation is described as "limited" and "targeted" [1]. It was identified alongside two other Adreno GPU zero-days (CVE-2025-21479 and CVE-2025-21480) following reports from Google’s Android Security and Threat Analysis teams?qid=CVE-2025-27038 [3].
  • Ransomware/Targeted Campaigns: While the vulnerability has been used in targeted attacks, there is no public evidence linking it to widespread ransomware campaigns; it is primarily associated with sophisticated, targeted threat activity [1].
Attack Method and Impact
  • Method: The flaw is a use-after-free vulnerability triggered during graphics rendering [2]. It occurs when the driver reuses or references memory after it has been freed, potentially allowing an attacker to manipulate memory pointers [4].
  • Impact: Successful exploitation leads to memory corruption, which can be leveraged to achieve unauthorized access or code execution on the affected device [6] [4].
  • Requirements: As a GPU driver vulnerability, it typically requires the execution of malicious graphics-related operations, often delivered through compromised applications or web content that interacts with the GPU [2] [4].
Status and Mitigation
  • Patch Status: Qualcomm released security patches for this vulnerability in June 2025 [7]. Because the fix must be integrated by OEMs (phone manufacturers) and distributed via firmware or Android security updates, users are urged to ensure their devices are updated to the latest available security patch level (e.g., the August 2025 Android security patch level or newer) [5] [1].
  • Proof-of-Concept: While the vulnerability is known to be exploited in the wild, public, weaponized proof-of-concept (PoC) code is generally not available for such targeted, high-value exploits.
  • CISA Status: CVE-2025-27038 is included in the CISA Known Exploited Vulnerabilities (KEV) Catalog, underscoring the necessity of patching [4].

Sources

  1. Qualcomm Flags Exploitation of Adreno GPU Flaws... - SecurityWeek

    Mobile chipmaker Qualcomm on Monday warned that professional hackers are already exploiting three newly patched Adreno GPU bugs and the company is pressing phone makers to push available fixes without delay. The company did not provide details on the attacks but cited “indications from Google Threat…

  2. Patch Tuesday June 2025 | Action1

    CVE-2025-27038 is a use-after-free flaw in the Adreno driver triggered during graphics rendering. It can be exploited in scenarios such as ...

  3. CVE-2025-27038 - Overview, Insights & Trends

    Actively exploited CVE : CVE-2025-27038. @transilienceai.Qualcomm fixed three zero-days exploited in limited and targeted attacks CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038 —exploited in limited, targeted attacks, as reported by Google’s Android Security and Threat Analysis teams. The first…

  4. CVE-2025-27038 : Memory corruption while rendering graphics using ...

    CVE-2025-27038 : Memory corruption while rendering graphics using Adreno GPU drivers in Chrome. The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location s…

  5. Android's August 2025 Update Patches Exploited... - SecurityWeek

    The first part of Android’s August 2025 update arrives on devices as the 2025-08-01 security patch level and resolves the System security defect, along with two high-severity elevation of privilege (EoP) vulnerabilities in the Framework component. The second part arrives as the 2025-08-05 security p…

  6. CVE-2025-27038: Qualcomm Ar8031 Use-After-Free Vulnerability - SentinelOne

    CVE-2025-27038 is a use-after-free vulnerability in Qualcomm Ar8031 Firmware affecting Adreno GPU drivers. Memory corruption during graphics rendering could allow exploitation. This article covers technical details, affected versions, impact assessment, and mitigation strategies. Updated: May 15, 20…

  7. June 2025 Security Bulletin - Qualcomm Docs

    ... CVE-2025-21480, CVE-2025-27038 may be under limited, targeted exploitation. Patches for the issues affecting the Adreno Graphics Processing ...

Generated by PatchNow Intelligence System

Analysis based on CIRCL.LU data, Claude AI assessment, and MITRE ATT&CK framework

📄 Download JSON Data | 📡 RSS Feed