Severity by source
AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
AnalysisAI
Qualcomm GPU micronode contains a memory corruption vulnerability (CVE-2025-21480, CVSS 8.6) caused by unauthorized command execution during specific GPU command sequences. KEV-listed, this vulnerability enables privilege escalation from the GPU context, potentially allowing app-level attackers to gain kernel access through the GPU driver on Qualcomm-based Android devices.
Technical ContextAI
The vulnerability exists in the Qualcomm Adreno GPU firmware's micronode component, where specific sequences of GPU commands trigger unauthorized execution that corrupts memory. GPU drivers operate at kernel privilege level, so GPU-based exploitation provides a path from userspace (app) to kernel level. This is an increasingly common attack surface as GPUs become more complex and their drivers more privileged.
RemediationAI
Apply Android security patch. Ensure devices receive regular security updates. Enterprise: enforce minimum security patch level via MDM.
More in Wsa8832 Firmware
View allA second Qualcomm GPU micronode memory corruption vulnerability (CVE-2025-21479, CVSS 8.6) exists in the unauthorized co
A Qualcomm chipset vulnerability (CVE-2026-21385) causes memory corruption through improper integer handling during memo
Qualcomm Adreno GPU drivers in Chrome contain a use-after-free vulnerability (CVE-2025-27038, CVSS 7.5) enabling memory
Memory corruption in Data Modem when a non-standard SDP body, during a VOLTE call. Rated critical severity (CVSS 9.8), t
Memory corruption while playing audio file having large-sized input buffer. Rated critical severity (CVSS 9.8), this vul
Memory corruption while processing Codec2 during v13k decoder pitch synthesis. Rated critical severity (CVSS 9.8), this
Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute. Rated critical severity
Memory Corruption in Multi-mode Call Processor while processing bit mask API. Rated critical severity (CVSS 9.8), this v
Memory corruption in WLAN Firmware while doing a memory copy of pmk cache. Rated critical severity (CVSS 9.8), this vuln
Memory corruption in Modem while processing security related configuration before AS Security Exchange. Rated critical s
Memory Corruption in Data Modem while making a MO call or MT VOLTE call. Rated critical severity (CVSS 9.8), this vulner
Memory corruption in WLAN Firmware while parsing receieved GTK Keys in GTK KDE. Rated critical severity (CVSS 9.8), this
Same weakness CWE-863 – Incorrect Authorization
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-16705