CVE-2025-21479
Exploited in the Wild
✓ Confirmed 0-Day
★ Google Project Zero
Triaged: March 3, 2026
5 articles
EPSS Score
Source: FIRST.org · 2026-05-24
0.15%
probability
This CVE has a 0.15% probability
of being exploited in the next 30 days.
0%
Top 35.1th percentile of all CVEs
100%
CVSS score unavailable
Neither CIRCL nor NVD returned a CVSS score for this CVE.
View on VulnerabilityLookup ↗
Description
Project ZeroArbitrary physical write vulnerability
Attack Intelligence
Google Project Zero
Patched
June 2, 2025
Reported by
Google Threat Analysis Group
Root Cause Analysis
???
Exploits & PoC
zhuowei/cheese
CVE-2025-21479 proof-of-concept, I think
238
sarabpal-dev/cheese-cake
A proof-of-concept for CVE-2025-21479, chained with a Dirty Pagetable technique.
24
2 repos — triés par ⭐
Rechercher sur GitHub ↗
Android Security Alert: Google Patches 120 Flaws, Including Two Zero-Days Under Attack
TheHackerNews
Android gets patches for Qualcomm flaws exploited in attacks
BleepingComputer
Aug 05, 2025
Qualcomm fixes three Adreno GPU zero-days exploited in attacks
BleepingComputer
Jun 02, 2025
Signal Intelligence
Confidence
92%
EPSS
0.15%
Mentions
5
Last Seen
Aug 05, 2025
CNA Information
Analyst Note
CVE-2025-21479 is confirmed as a high-severity memory corruption vulnerability in Qualcomm Snapdragon GPU with active exploitation reported in the wild, as evidenced by BleepingComputer reporting Adreno GPU zero-days being exploited in attacks. The vulnerability's presence in Google Project Zero and CVSS 8.6 rating further substantiate the confirmed status, with vendor patches already released for Android systems.
Triage Info
Decided atMar 03, 2026