CVE-2025-21480

ENISA EUVD: EUVD-2025-16705 ↗
Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero
Triaged: March 3, 2026 4 articles Published: 2025-06-03
VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23
2.0%
probability
This CVE has a 2.0% probability of being exploited in the next 30 days.
0% Top 83.9th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)
8.6
HIGH
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)
Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

Affected Products

Qualcomm, Inc.
Snapdragon
AQT1000 FastConnect 6200 FastConnect 6700 FastConnect 6800 FastConnect 6900 FastConnect 7800

Attack Intelligence

Google Project Zero

Patched
June 2, 2025
Reported by
Google Threat Analysis Group
Root Cause Analysis
???

Signal Intelligence

Confidence
92%
EPSS 2.0%
CVSS v3.1 8.6
Mentions 4
Last Seen Aug 05, 2025

CNA Information

CNA Assigner
qualcomm
CNA Title
Incorrect Authorization in Graphics Windows

Analyst Note

CVE-2025-21480 is confirmed as a zero-day with active exploitation in the wild, as evidenced by Qualcomm's release of patches for multiple Adreno GPU zero-days and multiple high-signal security publications reporting attacks. The high CVSS score (8.6) combined with Google Project Zero tracking and documented exploitation in real-world attacks provides strong confirmation of this vulnerability's severity and active threat status.

Triage Info

Decided atMar 03, 2026
Published DateJun 03, 2025