CVE-2025-21480

Incorrect Authorization in Graphics Windows

CVSS 8.6 HIGHEPSS 0.4%● KEVCWE-863

In short

A flaw in graphics system authorization allows attackers to execute unauthorized commands on the GPU, corrupting memory through a specific sequence of operations. This can lead to system crashes or potential code execution with elevated privileges.

Technical detail

CWE-863 authorization bypass in GPU micronode command validation permits unauthenticated or unprivileged process to execute restricted GPU commands without proper access checks. Exploitation requires crafting a precise command sequence that bypasses authorization gates, resulting in memory corruption that may enable privilege escalation or denial of service.

Summary generated and translated by AI from the official description.

Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected products

Qualcomm, Inc. · Snapdragon

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-21480