CVE-2025-21479

Incorrect Authorization in Graphics

CVSS 8.6 HIGHEPSS 0.7%● KEVCWE-863

Vexday Risk Score

51Attention

SSVC decision (CISA)

Act

Exploitation + impact → act immediately

CVSS 8.6EPSS 0.7%KEV simPoC —Nuclei —Metasploit —Patch —

Lifecycle

03 Jun 2025Active exploitation (CISA KEV)

03 Jun 2025Published on NVD

Recommendation: Patch as soon as possible — active exploitation confirmed.

In short

A flaw in GPU graphics processing allows attackers to run unauthorized commands that corrupt system memory. This can lead to crashes, data theft, or system compromise.

Technical detail

CWE-863 authorization bypass in GPU micronode command execution permits memory corruption through a specific command sequence. Attack vector requires local access to GPU interface with insufficient privilege validation; impacts confidentiality, integrity, and availability of system memory.

Summary generated and translated by AI from the official description.

Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected products

Qualcomm, Inc. · Snapdragon

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-21479