CVE-2025-21479

Published Jun 3, 2025

Last updated 2 months ago

Exploit knownCVSS high 8.6
Qualcomm
Adreno

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-21479 is an incorrect authorization vulnerability found in the Graphics component of Qualcomm's Adreno GPU driver. This flaw can lead to memory corruption due to unauthorized command execution in the GPU microcode when a specific sequence of commands is processed. Successful exploitation of CVE-2025-21479 could allow attackers to execute unauthorized commands, potentially corrupting system memory. Qualcomm has released patches for this vulnerability and recommends that OEMs deploy the updates to affected devices as soon as possible. There are indications that this vulnerability may be under limited, targeted exploitation.

Description
Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
Source
product-security@qualcomm.com
NVD status
Analyzed
Products
aqt1000_firmware, fastconnect_6200_firmware, fastconnect_6700_firmware, fastconnect_6900_firmware, fastconnect_7800_firmware, fastconnect_6800_firmware, qca6391_firmware, qcm4490_firmware, qcs4490_firmware, sd855_firmware, sm4635_firmware, sm6250_firmware, sm6650_firmware, sm6650p_firmware, sm7325p_firmware, sm7635_firmware, sm7675_firmware, sm7675p_firmware, sm8550p_firmware, sm8635_firmware, sm8635p_firmware, sm8650q_firmware, snapdragon_4_gen_1_mobile_platform_firmware, snapdragon_460_mobile_platform_firmware, snapdragon_480_5g_mobile_platform_firmware, snapdragon_480\+_5g_mobile_platform_\(sm4350-ac\)_firmware, snapdragon_662_mobile_platform_firmware, snapdragon_680_4g_mobile_platform_firmware, snapdragon_685_4g_mobile_platform_\(sm6225-ad\)_firmware, snapdragon_690_5g_mobile_platform_firmware, snapdragon_695_5g_mobile_platform_firmware, snapdragon_720g_mobile_platform_firmware, snapdragon_778g_5g_mobile_platform_firmware, snapdragon_778g\+_5g_mobile_platform_\(sm7325-ae\)_firmware, snapdragon_782g_mobile_platform_\(sm7325-af\)_firmware, snapdragon_7c\+_gen_3_compute_firmware, snapdragon_8_gen_2_mobile_platform_firmware, snapdragon_8_gen_3_mobile_platform_firmware, snapdragon_8\+_gen_2_mobile_platform_firmware, snapdragon_855_mobile_platform_firmware, snapdragon_855\+\/860_mobile_platform_\(sm8150-ac\)_firmware, snapdragon_865_5g_mobile_platform_firmware, snapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)_firmware, snapdragon_870_5g_mobile_platform_\(sm8250-ac\)_firmware, snapdragon_888_5g_mobile_platform_firmware, snapdragon_888\+_5g_mobile_platform_\(sm8350-ac\)_firmware, snapdragon_ar1_gen_1_firmware, snapdragon_ar1_gen_1_platform_\"luna1\"_firmware, snapdragon_x55_5g_modem-rf_system_firmware, sxr2230p_firmware, sxr2250p_firmware, sxr2330p_firmware, wcd9395_firmware, wcn3950_firmware, wcn3988_firmware, wcn6450_firmware, wcn6650_firmware, wcn6755_firmware, wcn7861_firmware, wcn7881_firmware, wsa8810_firmware, wsa8815_firmware, wsa8830_firmware, wsa8835_firmware, wsa8840_firmware, wsa8845_firmware, wsa8845h_firmware, wcd9341_firmware, wcd9370_firmware, wcd9375_firmware, wcd9378_firmware, wcd9380_firmware, wcd9385_firmware, wcd9390_firmware, wsa8832_firmware

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.6
Impact score
6
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability
Exploit added on
Jun 3, 2025
Exploit action due
Jun 24, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

product-security@qualcomm.com
CWE-863

Social media

Hype score
Not currently trending

  1. ''Exploiting CVE-2025-21479 on a Samsung S23'' #infosec #pentest #redteam #blueteam https://t.co/Urj7S0eMUe

    @CyberWarship

    28 Nov 2025

    4676 Impressions

    10 Retweets

    52 Likes

    24 Bookmarks

    3 Replies

    0 Quotes

  2. 2025-11-26 の人気記事はコチラでした。(自動ツイート) #Hacker_Trends ――― Exploiting CVE-2025-21479 on a Samsung S23 https://t.co/yrtEN5hvLt https://t.co/vwh8oHhzvp

    @motikan2010

    27 Nov 2025

    61 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Exploiting CVE-2025-21479 on a Samsung S23 by @XploitBengineer https://t.co/0HNtCww89D https://t.co/an8S2ilNqe

    @alexjplaskett

    26 Nov 2025

    6373 Impressions

    30 Retweets

    135 Likes

    82 Bookmarks

    2 Replies

    0 Quotes

  4. Exploiting CVE-2025-21479 on a Samsung S23 Article by @XploitBengineer about exploiting a logical bug in the Qualcomm Adreno GPU firmware to take over the kernel on Samsung S23 via a combination of page table attacks. https://t.co/r9AeYVQJ8O https://t.co/5P1Z45sBSD

    @linkersec

    11 Nov 2025

    5759 Impressions

    17 Retweets

    104 Likes

    56 Bookmarks

    0 Replies

    2 Quotes

  5. Exploiting CVE-2025-21479 on a Samsung S23 https://t.co/dzAjAnS1Ts

    @warthogtk

    5 Nov 2025

    59 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Exploiting CVE-2025-21479 on a Samsung S23 - https://t.co/r8D5JxWkhM #MobileSecurity #Android #infosec

    @Din3zh

    5 Nov 2025

    6560 Impressions

    19 Retweets

    95 Likes

    52 Bookmarks

    1 Reply

    0 Quotes

  7. I posted a short blog about how a Samsung GPU vulnerability (CVE-2025-21479) can be leveraged for an LPE on affected devices https://t.co/9tya9c37Ez

    @XploitBengineer

    4 Nov 2025

    15937 Impressions

    54 Retweets

    180 Likes

    90 Bookmarks

    5 Replies

    2 Quotes

  8. Android Physical Memory: CVE-2025-21479 Power-up Record - https://t.co/P6psVxH8Vt #MobileSecurity #infosec #dfir #Android https://t.co/X8ofnIqrTc

    @Din3zh

    22 Aug 2025

    1436 Impressions

    6 Retweets

    54 Likes

    25 Bookmarks

    0 Replies

    0 Quotes

  9. here is a detailed analysis for CVE-2025-21479🥳 https://t.co/b6qvjDjbga

    @hzshang15

    22 Aug 2025

    490 Impressions

    0 Retweets

    12 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  10. New blog post: A journey in Android physical memory - writeup on exploiting recent GPU bug CVE-2025-21479 https://t.co/9aSzddEzK3

    @dawnseclab

    22 Aug 2025

    10498 Impressions

    61 Retweets

    197 Likes

    123 Bookmarks

    0 Replies

    1 Quote

  11. Root exploit for the Quest 3/3S for the August 7, 2025 update and earlier, based on CVE-2025-21479. https://t.co/rHZMwVL66b

    @ZiL0G80

    17 Aug 2025

    3047 Impressions

    4 Retweets

    27 Likes

    4 Bookmarks

    2 Replies

    0 Quotes

  12. CVE-2025-21479 Meta Quest 3 privilege escalation Exploit poc - https://t.co/oQIMTHQLsj #root #MobileSecurity #infosec #dfir https://t.co/vJMOVHTUnR

    @Din3zh

    15 Aug 2025

    1453 Impressions

    8 Retweets

    27 Likes

    16 Bookmarks

    0 Replies

    0 Quotes

  13. If you have a Meta Quest 3/3S and want to root it, take it off Wi-Fi RIGHT NOW and disable updates: adb shell pm disable-user --user 0 com.oculus.updater The latest update patches CVE-2025-21479.

    @zhuowei

    15 Aug 2025

    31700 Impressions

    45 Retweets

    523 Likes

    159 Bookmarks

    14 Replies

    2 Quotes

  14. 🚨 تحذير أمني: جوجل تصدر تحديث الأمان للأندرويد أغسطس 2025، الذي يعالج ثغرات خطيرة مثل CVE-2025-21479 و CVE-2025-27038. هذه الثغرات استُغلت فعليًا في هجمات موجهة. تأكد من

    @Cybereayn

    10 Aug 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. ⚠️ Fratelli di #Pixel .... aggiornare. Tra le altre, risolte due vulnerabilità critiche ( CVE-2025-21479 e CVE-2025-27038) sfruttate attivamente. https://t.co/AC9tiGyrb7

    @sonoclaudio

    7 Aug 2025

    976 Impressions

    5 Retweets

    19 Likes

    0 Bookmarks

    4 Replies

    0 Quotes

  16. 🚨 Android Bugs این باگ به هکرها اجازه می دهد تلفن شمارا از طریق تراشه گرافیکی ربوده شودبدون کلیک مورد نیاز CVE-2025-21479 مربوط به یک آسیب‌پذیری احرازهویت نادرست د

    @BabakEg27664

    6 Aug 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Active exploitation of CVE-2025-21479, CVE-2025-27038, and CVE-21480 highlights the urgency for Android users to update devices. Qualcomm graphics flaws enable memory corruption and remote code execution. #AndroidUpdate #Qualcomm #Japan https://t.co/U55bBOj8NS

    @TweetThreatNews

    6 Aug 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. CVE-2025-21479 and 27038 Actively Exploited, Google Issues Emergency Android Patches https://t.co/vijL8OY25q

    @matarturo

    6 Aug 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. 🔨Googleが8月の月例パッチをリリース、悪用が確認されたQualcommの脆弱性2件などを修正(CVE-2025-21479、CVE-2025-27038他) 💻Broadcomチップ搭載のDell製PC100機種以上に複数の重大な欠陥、早急なパッチ適用を呼びか

    @MachinaRecord

    6 Aug 2025

    158 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  20. Google's August 2025 Android security update addresses six vulnerabilities, including two Qualcomm flaws (CVE-2025-21479 and CVE-2025-27038) exploited in targeted attacks. https://t.co/rHOht4GjMG

    @securityRSS

    5 Aug 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. Google, Android işletim sistemi için kritik güvenlik güncellemelerini yayınladı. Bu güncellemeler, özellikle sahada aktif olarak kötüye kullanılan iki önemli Qualcomm güvenlik açığını gideriyor. CVE-2025-21479 (CVSS puanı: 8.6) ve CVE-2025-27038 (CVSS puanı: 7

    @et2mas

    5 Aug 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Google releases Android patches for six vulnerabilities in August 2025 update, including fixes for Qualcomm GPU flaws CVE-2025-21479 and CVE-2025-27038 exploited in targeted attacks. #Android #Qualcomm #Security https://t.co/nWM4PkOwVy

    @TweetThreatNews

    5 Aug 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. CVE-2025-21479 (CVSS:8.6, HIGH) is Analyzed. Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands...https://t.co/TLgtfQIM0C #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    8 Jun 2025

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-21479 #Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability https://t.co/3ZYCe79nN9

    @ScyScan

    5 Jun 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. Google’ın Android güvenlik ekibi, bazı Snapdragon çiplerinde üç kritik güvenlik açığı buldu. Qualcomm, bu açıkların hedefli siber saldırılarda kullanıldığını doğruladı ve mayıs ayında üreticilere yama gönderdi. Açıklar CVE-2025-21479, 21480 ve 2703

    @webtekno

    5 Jun 2025

    9853 Impressions

    1 Retweet

    11 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  26. Actively exploited CVE : CVE-2025-21479

    @transilienceai

    5 Jun 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  27. Actively exploited CVE : CVE-2025-21479

    @transilienceai

    5 Jun 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  28. 🛡️ We added Qualcomm vulnerabilities CVE-2025-21479, CVE-2025-21480 & CVE-2025-27038—impacting multiple chipsets—to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/aEBiHHlS7W & apply mitigations to protect your org from cyberattacks. https://t.co/

    @NETFIXERTECH

    4 Jun 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. 米国サイバーセキュリティ・社会基盤安全保障庁(CISA)の既知の悪用された脆弱性カタログに3件の追加。クアルコムAderno GPUで修正されたCVE-2025-21479、CVE-2025-21480、CVE-2025-27038。対処期限は通常の6/24でランサムウ

    @__kokumoto

    3 Jun 2025

    714 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  30. 🛡️ We added Qualcomm vulnerabilities CVE-2025-21479, CVE-2025-21480 & CVE-2025-27038—impacting multiple chipsets—to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. https://t.co/

    @CISACyber

    3 Jun 2025

    5333 Impressions

    12 Retweets

    32 Likes

    2 Bookmarks

    1 Reply

    1 Quote

  31. Qualcomm fixed three zero-days exploited in limited and targeted attacks CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038 —exploited in limited, targeted attacks, as reported by Google’s Android Security and Threat Analysis teams. The first two (CVSS 8.6) involve incorrect

    @dCypherIO

    3 Jun 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. CVE-2025-21479 Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands. https://t.co/a0CobVX3ue

    @CVEnew

    3 Jun 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. [CVE-2025-21479: HIGH] Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.#cve,CVE-2025-21479,#cybersecurity https://t.co/FTYKsUYmwf https://t.co/X4bz5geftH

    @CveFindCom

    3 Jun 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. تحذير أمني عاجل من Qualcomm 3 ثغرات خطيرة من نوع Zero-Day تم استغلالها بهجمات تستهدف مستخدمي أجهزة بمعالجات Adreno GPU، أبرزها CVE-2025-21479. كوالكوم أرسلت تحديثات للمصنّعي

    @mjbtechtips

    2 Jun 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. ⚠️Qualcomm Adreno GPU 0-Day Vulnerabilities Exploited to Attack Android Users Read more: https://t.co/ZwrKSRIKUS 📌CVE-2025-21479 📌CVE-2025-21480 📌CVE-2025-27038 Mobile chipmaker Qualcomm has issued urgent security patches for three critical zero-day vulnerabilitie

    @The_Cyber_News

    2 Jun 2025

    416 Impressions

    2 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. Qualcommは、限定的かつ標的型の攻撃で悪用された3件のゼロデイ脆弱性に対するセキュリティパッチを提供した。 これらはGoogle Android Securityチームにより報告されたもので、CVE-2025-21479および21480(CVSS

    @yousukezan

    2 Jun 2025

    2333 Impressions

    0 Retweets

    10 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  37. ⚠️Actualizaciones de seguridad de Qualcomm ❗CVE-2025-21479 ❗CVE-2025-21480 ❗CVE-2025-27038 ➡️Más info: https://t.co/vSdtuBR8xQ https://t.co/BaZy1EnwaJ

    @CERTpy

    2 Jun 2025

    125 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  38. 🚨 Qualcomm just patched 3 zero-days actively exploited in the wild—two rated CVSS 8.6. ▶ CVE-2025-21479 ▶ CVE-2025-21480 ▶ CVE-2025-27038 👀 A twist? Similar bugs were used by spyware vendors like Variston and Cy4Gate. More here: https://t.co/FtxbN7hPcs

    @TheHackersNews

    2 Jun 2025

    13501 Impressions

    69 Retweets

    142 Likes

    23 Bookmarks

    1 Reply

    1 Quote

  39. Qualcomm June 2025 Security Bulletin https://t.co/pD7SaUzvR9 "There are indications from Google TAG that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 may be under limited, targeted exploitation" https://t.co/7PXRdJk1IS

    @xvonfers

    2 Jun 2025

    15390 Impressions

    9 Retweets

    38 Likes

    20 Bookmarks

    12 Replies

    2 Quotes

Configurations

References

Sources include official advisories and independent security research.