Severity by source
AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
AnalysisAI
A second Qualcomm GPU micronode memory corruption vulnerability (CVE-2025-21479, CVSS 8.6) exists in the unauthorized command execution path during specific GPU command sequences. KEV-listed alongside CVE-2025-21480, this indicates a systemic issue in Qualcomm's GPU micronode command validation that is being actively exploited in mobile attack chains.
Technical ContextAI
This is a separate vulnerability in the same Qualcomm GPU micronode component as CVE-2025-21480, suggesting a systemic weakness in command validation within the GPU firmware. Both vulnerabilities stem from insufficient authorization checks on GPU commands, indicating that multiple command paths lack proper validation. The dual CVEs suggest the attack surface in GPU firmware is broader than initially assessed.
RemediationAI
Apply Android security patch. Both CVE-2025-21479 and CVE-2025-21480 must be patched. Enforce minimum security patch levels via MDM.
More in Wcn7881 Firmware
View allQualcomm GPU micronode contains a memory corruption vulnerability (CVE-2025-21480, CVSS 8.6) caused by unauthorized comm
A Qualcomm chipset vulnerability (CVE-2026-21385) causes memory corruption through improper integer handling during memo
Cryptographic issue occurs due to use of insecure connection method while downloading.
Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions. Rated critic
Cryptographic issue may occur while encrypting license data. [CVSS 8.4 HIGH]
CVE-2024-53026 is an information disclosure vulnerability in IMS (IP Multimedia Subsystem) implementations affecting VoL
CVE-2024-53021 is an information disclosure vulnerability in RTCP (Real-time Transport Control Protocol) packet processi
CVE-2024-53020 is an information disclosure vulnerability in RTP (Real-time Transport Protocol) packet processing that o
Network-based information disclosure vulnerability in RTP (Real-time Transport Protocol) packet decoding that occurs whe
Information disclosure may occur due to improper permission and access controls to Video Analytics engine. Rated high se
Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to w
Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential f
Same weakness CWE-863 – Incorrect Authorization
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-16710