CVE-2025-27038

Use After Free in Graphics

CVSS 7.5 HIGHEPSS 0.8%● KEVCWE-416

Vexday Risk Score

51Attention

SSVC decision (CISA)

Act

Exploitation + impact → act immediately

CVSS 7.5EPSS 0.8%KEV simPoC —Nuclei —Metasploit —Patch —

Lifecycle

03 Jun 2025Active exploitation (CISA KEV)

03 Jun 2025Published on NVD

Recommendation: Patch as soon as possible — active exploitation confirmed.

In short

A memory corruption flaw in Chrome's graphics rendering with Adreno GPU drivers allows an attacker to crash the browser or potentially execute malicious code by crafting a specially designed web page.

Technical detail

Use-after-free vulnerability in Adreno GPU driver integration within Chrome's graphics pipeline. Attack vector: malicious webpage with crafted graphics content; requires user to visit the page. Impact: memory corruption leading to denial of service or potential code execution.

Summary generated and translated by AI from the official description.

Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Qualcomm, Inc. · Snapdragon

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-27038