EUVD-2025-16700

| CVE-2025-27038 HIGH
2025-06-03 [email protected]
7.5
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 14, 2026 - 17:04 vuln.today
EUVD ID Assigned
Mar 14, 2026 - 17:04 euvd
EUVD-2025-16700
Added to CISA KEV
Oct 27, 2025 - 17:10 cisa
CISA KEV
CVE Published
Jun 03, 2025 - 06:15 nvd
HIGH 7.5

Tags

Memory Corruption Google Denial Of Service Fastconnect 7800 Firmware Smart Audio 400 Platform Firmware Wcn3988 Firmware Qcm8550 Firmware Qcs6125 Firmware Sw5100p Firmware Qcs8550 Firmware Sm7635p Firmware Sm6650p Firmware Wsa8810 Firmware Wcd9385 Firmware Sw5100 Firmware Wcn3950 Firmware Wcn3980 Firmware Snapdragon 4 Gen 2 Mobile Platform Firmware Sm6475 Firmware Csra6620 Firmware Wcn6650 Firmware Wsa8832 Firmware Sm7635 Firmware Qcn9011 Firmware Wcd9370 Firmware Wsa8835 Firmware Ar8031 Firmware Sm6650 Firmware Sm7435 Firmware Wcd9335 Firmware Snapdragon 680 4g Mobile Platform Firmware Wcn6740 Firmware Csra6640 Firmware Wcd9395 Firmware Wcn6755 Firmware Qcm6125 Firmware Qcn9012 Firmware Qca6391 Firmware Video Collaboration Vc1 Platform Firmware Qca2066 Firmware Wsa8815 Firmware Wsa8830 Firmware Wcd9378 Firmware Wcd9375 Firmware Snapdragon 6 Gen 1 Mobile Platform Firmware Chrome

Description

Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.

Analysis

Qualcomm Adreno GPU drivers in Chrome contain a use-after-free vulnerability (CVE-2025-27038, CVSS 7.5) enabling memory corruption during graphics rendering. KEV-listed, this vulnerability can be triggered through Chrome on Android devices with Qualcomm chipsets, providing a kernel-level exploitation path from web content.

Technical Context

When Chrome renders graphics on Android devices with Qualcomm Adreno GPUs, it interacts with the kernel-level GPU driver. The use-after-free in the Adreno driver can be triggered by crafted WebGL or Canvas operations in web content. Because the GPU driver runs in kernel context, successful exploitation provides kernel-level access — bypassing Android's app sandbox and all OS-level security.

Affected Products

['Android devices with Qualcomm Adreno GPU running Chrome']

Remediation

Apply Android security patch and update Chrome. Ensure auto-updates are enabled. Enterprise: enforce minimum patch levels via MDM.

Priority Score

89
Low Medium High Critical
KEV: +50
EPSS: +1.1
CVSS: +38
POC: 0

Share

EUVD-2025-16700 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy