CVE-2025-21479

Incorrect Authorization in Graphics

CVSS 8.6 HIGHEPSS 0.7%● KEVCWE-863

In short

A flaw in GPU graphics processing allows attackers to run unauthorized commands that corrupt system memory. This can lead to crashes, data theft, or system compromise.

Technical detail

CWE-863 authorization bypass in GPU micronode command execution permits memory corruption through a specific command sequence. Attack vector requires local access to GPU interface with insufficient privilege validation; impacts confidentiality, integrity, and availability of system memory.

Summary generated and translated by AI from the official description.

Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected products

Qualcomm, Inc. · Snapdragon

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-21479