GPU Access Vulnerability in Imagination Technologies Software
CVE-2025-46707

5.2MEDIUM

Key Information:

Vendor

Imagination Technologies

Status
Graphics Ddk
Vendor
CVE Published:
27 June 2025

What is CVE-2025-46707?

A vulnerability has been identified in the GPU driver software from Imagination Technologies, which allows software operating within a Guest Virtual Machine to manipulate the firmware's state. This can lead to unauthorized access to the GPU, enabling potential exploitation and data breaches. Proper measures must be implemented to secure the firmware and restrict access rights to guest environments.

Affected Version(s)

Graphics DDK Linux 1.15 RTM

Graphics DDK Linux 1.17 RTM

Graphics DDK Linux 1.18 RTM

References

https://www.imaginationtech.com/gpu-driver-vulnerabilities/

CVSS V3.1

Score:
5.2
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.