Memory Corruption Vulnerability in Qualcomm GPU Micronode
CVE-2025-21479
Key Information:
- Vendor
Qualcomm
- Status
- Vendor
- CVE Published:
- 3 June 2025
Badges
What is CVE-2025-21479?
CVE-2025-21479 is a significant memory corruption vulnerability present in the Qualcomm GPU micronode, where unauthorized command execution can occur due to a specific sequence of commands. The Qualcomm GPU is widely used in various mobile devices and embedded systems, providing graphics processing capabilities that are crucial for performance and user experience. If exploited, this vulnerability could lead to a range of malicious outcomes, as attackers may execute unauthorized commands that could compromise system integrity or lead to denial of service. The nature of this vulnerability is particularly concerning, as it exploits low-level memory management issues, which can be challenging to detect and mitigate.
Potential Impact of CVE-2025-21479
-
System Compromise: Successful exploitation could allow attackers to execute arbitrary commands, resulting in a complete compromise of the affected device. This could enable them to manipulate system behavior, access sensitive information, or install additional malicious payloads.
-
Denial of Service: The memory corruption could lead to system instability or crashes, resulting in a denial of service for users. Devices may experience unexpected behavior, rendering them unusable and impacting critical operations, particularly in environments relying on uninterrupted service.
-
Data Security Risks: If attackers gain access through this vulnerability, there is a substantial risk of data breaches, exposing sensitive personal information or corporate data stored on the compromised devices. This could lead to reputational damage and financial losses for organizations.
CISA has reported CVE-2025-21479
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-21479 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Snapdragon Snapdragon CCW AQT1000
Snapdragon Snapdragon CCW FastConnect 6200
Snapdragon Snapdragon CCW FastConnect 6700
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Red Hot CyberTwo Android Vulnerabilities Actively Exploited: Google Releases Critical Patches
Google releases August security patch for Android, fixing critical Qualcomm vulnerabilities exploited in targeted attacks.
1 week ago
The Cyber ExpressAugust 2025 Android Security Bulletin: Key Fixes Released
Google’s August 2025 Android Security Bulletin fixes multiple critical vulnerabilities, including CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038.
2 weeks ago
Security AffairsGoogle fixed two Qualcomm bugs that were actively exploited in the wild
Google addressed multiple Android flaws, including two Qualcomm vulnerabilities that were actively exploited in the wild.
2 weeks ago
References
CVSS V3.1
Timeline
- 🟡
Public PoC available
- 📈
Vulnerability started trending
- 🦅
CISA Reported
Vulnerability published
- 👾
Exploit known to exist
- 📰
First article discovered by BleepingComputer
Vulnerability Reserved