CVE-2025-21480
Incorrect Authorization in Graphics Windows
Vexday Risk Score
51 (Attention)
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 8.6 · EPSS 0.4% · KEV yes · PoC — · Nuclei — · Metasploit — · Patch —
Lifecycle
03 Jun 2025: Active exploitation (CISA KEV)
03 Jun 2025: Published on NVD
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
A flaw in graphics system authorization allows attackers to execute unauthorized commands on the GPU, corrupting memory through a specific sequence of operations. This can lead to system crashes or potential code execution with elevated privileges.
Technical detail
A CWE-863 authorization bypass in GPU micronode command validation permits an unauthenticated or unprivileged process to execute restricted GPU commands without proper access checks. Exploitation requires crafting a precise command sequence that bypasses the authorization gates, resulting in memory corruption that may enable privilege escalation or denial of service.
Summary generated and translated by AI from the official description.
Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected products
Qualcomm, Inc. · Snapdragon