TOCTOU Race Condition in GPU Firmware on Guest VM by Imagination Technologies
CVE-2025-58407

7.4HIGH

Key Information:

Vendor: Imagination Technologies
Status: Graphics Ddk
Vendor: CVE Published:; 17 November 2025

🔔 Create Imagination Technologies Vulnerability Alert

What is CVE-2025-58407?

A security issue exists in the GPU firmware provided by Imagination Technologies, where a TOCTOU (Time of Check to Time of Use) race condition can occur. This vulnerability may allow a crafted guest virtual machine (VM) to send improper commands to the GPU firmware. As a result, it can lead to unauthorized read and/or write operations that access data beyond the designated memory bounds of the virtual machine, potentially compromising the integrity and confidentiality of the memory space.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Graphics DDK Linux 25.2 RTM1

Graphics DDK Linux 25.1 RTM2

References

https://www.imaginationtech.com/gpu-driver-vulnerabilities/

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 17, 2025
Vulnerability Reserved
Sep 1, 2025

JSON

Imagination Technologies

What is CVE-2025-58407?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.