What is the CVSS score of CVE-2025-21480?

CVE-2025-21480 has a CVSS 3.1 base score of 8.6 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H. EPSS exploitation probability: 1.5%.

Which versions of Aqt1000 Firmware are affected by CVE-2025-21480?

CVE-2025-21480 is an actively exploited memory corruption vulnerability affecting GPU micronode systems with a high severity rating (CVSS 8.6).

Is CVE-2025-21480 being actively exploited?

Yes, CVE-2025-21480 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, confirming active in-the-wild exploitation. Immediate patching is required.

How to fix or mitigate CVE-2025-21480?

Within 24 hours: Identify and inventory all systems running affected GPU micronode versions; isolate high-risk GPU infrastructure from production networks where operationally feasible; enable enhanced logging and monitoring for GPU command execution. Within 7 days: Implement network segmentation to restrict GPU micronode access to authorized users/systems only; deploy WAF rules to block suspicious GPU command sequences; assess feasibility of disabling non-critical GPU features until patch availability. Within 30 days: Maintain vigilant monitoring for exploitation indicators; coordinate with vendor for patch timeline; develop and test remediation playbooks; evaluate alternative GPU solutions or vendors if patch timeline extends beyond acceptable risk tolerance.

Aqt1000 Firmware CVE-2025-21480

EUVD-2025-16705 HIGH

Incorrect Authorization (CWE-863)

2025-06-03 product-security@qualcomm.com

8.6

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 17:04 euvd

EUVD-2025-16705

Analysis Generated

Mar 14, 2026 - 17:04 vuln.today

Added to CISA KEV

Oct 28, 2025 - 13:48 cisa

CISA KEV

CVE Published

Jun 03, 2025 - 06:15 nvd

HIGH 8.6

DescriptionNVD

Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

AnalysisAI

Qualcomm GPU micronode contains a memory corruption vulnerability (CVE-2025-21480, CVSS 8.6) caused by unauthorized command execution during specific GPU command sequences. KEV-listed, this vulnerability enables privilege escalation from the GPU context, potentially allowing app-level attackers to gain kernel access through the GPU driver on Qualcomm-based Android devices.

Technical ContextAI

The vulnerability exists in the Qualcomm Adreno GPU firmware's micronode component, where specific sequences of GPU commands trigger unauthorized execution that corrupts memory. GPU drivers operate at kernel privilege level, so GPU-based exploitation provides a path from userspace (app) to kernel level. This is an increasingly common attack surface as GPUs become more complex and their drivers more privileged.

RemediationAI

Apply Android security patch. Ensure devices receive regular security updates. Enterprise: enforce minimum security patch level via MDM.

CVE-2025-21480 vulnerability details – vuln.today

Back

Aqt1000 Firmware CVE-2025-21480

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code