Skip to main content

Ddk CVE-2025-46707

| EUVDEUVD-2025-19416 MEDIUM
Exposure of Resource to Wrong Sphere (CWE-668)
2025-06-27 367425dc-4d06-4041-9650-c2dc6aaa27ce
5.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.2 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 16, 2026 - 00:16 euvd
EUVD-2025-19416
Analysis Generated
Mar 16, 2026 - 00:16 vuln.today
CVE Published
Jun 27, 2025 - 17:15 nvd
MEDIUM 5.2

DescriptionCVE.org

Software installed and running inside a Guest VM may override Firmware's state and gain access to the GPU.

Analysis

Software installed and running inside a Guest VM may override Firmware's state and gain access to the GPU.

Technical ContextAI

This vulnerability is classified as Exposure of Resource to Wrong Sphere (CWE-668).

RemediationAI

Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.

More in Ddk

View all
CVE-2025-13952 CRITICAL
9.8 Jan 24

Write-after-free crash in GPU compiler process triggered by unusual GPU shader code loaded from the web. Browser vulnera

CVE-2025-25176 CRITICAL
9.1 Jan 13

A hardware vulnerability allows exfiltration of intermediate register values from secure workloads running in ARM TrustZ

CVE-2025-58411 HIGH
8.8 Jan 13

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of reso

CVE-2025-0467 HIGH
8.2 Apr 18

Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data ou

CVE-2026-22166 HIGH
8.1 May 01

Use-after-free in Imagination Graphics DDK GPU GLES user-space library allows authenticated remote attackers to crash th

CVE-2026-22165 HIGH
8.1 May 01

Remote authenticated attackers can execute code or cause persistent denial-of-service in Imagination Technologies Graphi

CVE-2025-25179 HIGH
7.8 Jun 02

GPU privilege escalation vulnerability allowing non-privileged users to conduct improper GPU system calls that bypass GP

CVE-2025-10865 HIGH
7.8 Jan 13

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of refe

CVE-2026-22167 HIGH
7.8 May 01

Local privilege escalation in Imagination Technologies Graphics DDK allows low-privileged users to corrupt kernel memory

CVE-2025-58408 MEDIUM
5.9 Dec 01

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger reads of stale data

CVE-2025-46710 MEDIUM
5.7 Jun 16

Possible kernel exceptions caused by reading and writing kernel heap data after free.

CVE-2026-21736 MEDIUM
4.4 Mar 09

Improper GPU system call handling in the DDK allows non-privileged users to bypass memory protections on user-mode wrapp

Share

CVE-2025-46707 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy