GPU Micronode Memory Corruption via Unauthorized Command Execution
CVE-2025-21479 Published on June 3, 2025
Incorrect Authorization in Graphics
Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
Known Exploited Vulnerability
This Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Multiple Qualcomm chipsets contain an incorrect authorization vulnerability. This vulnerability allows for memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
The following remediation steps are recommended / required by June 24, 2025: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Vulnerability Analysis
CVE-2025-21479 can be exploited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. This vulnerability is known to be actively exploited by threat actors. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
What is an AuthZ Vulnerability?
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
CVE-2025-21479 has been classified to as an AuthZ vulnerability or weakness.
Products Associated with CVE-2025-21479
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2025-21479 are published in these products:
Affected Versions
Qualcomm, Inc. Snapdragon:- Version AQT1000 is affected.
- Version FastConnect 6200 is affected.
- Version FastConnect 6700 is affected.
- Version FastConnect 6800 is affected.
- Version FastConnect 6900 is affected.
- Version FastConnect 7800 is affected.
- Version QCA6391 is affected.
- Version QCM4490 is affected.
- Version QCS4490 is affected.
- Version SD855 is affected.
- Version SM4635 is affected.
- Version SM6250 is affected.
- Version SM6650 is affected.
- Version SM6650P is affected.
- Version SM7325P is affected.
- Version SM7635 is affected.
- Version SM7675 is affected.
- Version SM7675P is affected.
- Version SM8550P is affected.
- Version SM8635 is affected.
- Version SM8635P is affected.
- Version SM8650Q is affected.
- Version Snapdragon 4 Gen 1 Mobile Platform is affected.
- Version Snapdragon 460 Mobile Platform is affected.
- Version Snapdragon 480 5G Mobile Platform is affected.
- Version Snapdragon 480+ 5G Mobile Platform (SM4350-AC) is affected.
- Version Snapdragon 662 Mobile Platform is affected.
- Version Snapdragon 680 4G Mobile Platform is affected.
- Version Snapdragon 685 4G Mobile Platform (SM6225-AD) is affected.
- Version Snapdragon 690 5G Mobile Platform is affected.
- Version Snapdragon 695 5G Mobile Platform is affected.
- Version Snapdragon 720G Mobile Platform is affected.
- Version Snapdragon 778G 5G Mobile Platform is affected.
- Version Snapdragon 778G+ 5G Mobile Platform (SM7325-AE) is affected.
- Version Snapdragon 782G Mobile Platform (SM7325-AF) is affected.
- Version Snapdragon 7c+ Gen 3 Compute is affected.
- Version Snapdragon 8 Gen 2 Mobile Platform is affected.
- Version Snapdragon 8 Gen 3 Mobile Platform is affected.
- Version Snapdragon 8+ Gen 2 Mobile Platform is affected.
- Version Snapdragon 855 Mobile Platform is affected.
- Version Snapdragon 855+/860 Mobile Platform (SM8150-AC) is affected.
- Version Snapdragon 865 5G Mobile Platform is affected.
- Version Snapdragon 865+ 5G Mobile Platform (SM8250-AB) is affected.
- Version Snapdragon 870 5G Mobile Platform (SM8250-AC) is affected.
- Version Snapdragon 888 5G Mobile Platform is affected.
- Version Snapdragon 888+ 5G Mobile Platform (SM8350-AC) is affected.
- Version Snapdragon AR1 Gen 1 Platform is affected.
- Version Snapdragon AR1 Gen 1 Platform "Luna1" is affected.
- Version Snapdragon X55 5G Modem-RF System is affected.
- Version SXR2230P is affected.
- Version SXR2250P is affected.
- Version SXR2330P is affected.
- Version WCD9341 is affected.
- Version WCD9370 is affected.
- Version WCD9375 is affected.
- Version WCD9378 is affected.
- Version WCD9380 is affected.
- Version WCD9385 is affected.
- Version WCD9390 is affected.
- Version WCD9395 is affected.
- Version WCN3950 is affected.
- Version WCN3988 is affected.
- Version WCN6450 is affected.
- Version WCN6650 is affected.
- Version WCN6755 is affected.
- Version WCN7861 is affected.
- Version WCN7881 is affected.
- Version WSA8810 is affected.
- Version WSA8815 is affected.
- Version WSA8830 is affected.
- Version WSA8832 is affected.
- Version WSA8835 is affected.
- Version WSA8840 is affected.
- Version WSA8845 is affected.
- Version WSA8845H is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.