Skip to main content
Live Webinar with SANS (June 25)— Agentic CTI Automation for Fun & ProfitRegister Free
Mallory
Back to vulnerabilities
HighCISA KEVExploited in the wildPublic exploit

Incorrect Authorization in Qualcomm GPU micronode command interface

IdentifiersCVE-2025-21480CWE-863· Incorrect Authorization

CVE-2025-21480 is an incorrect authorization vulnerability affecting multiple Qualcomm chipsets in the graphics/GPU component. The provided content describes it as memory corruption caused by unauthorized command execution in the GPU micronode while executing a specific sequence of commands. The flaw appears to stem from failure to correctly enforce access control on a GPU command path, allowing unauthorized commands to reach privileged GPU microcode/micronode functionality. Successful triggering can corrupt memory buffers and destabilize adjacent memory structures in the GPU driver or firmware path. Qualcomm and multiple secondary sources also characterize the issue as an authorization bypass in the GPU interface and note that it affects multiple Qualcomm chipsets, with indications from Google Threat Analysis Group that it may have been used in limited, targeted exploitation.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can cause memory corruption in the Qualcomm graphics stack, which may lead to device instability, crashes, denial of service, data leakage, and potentially full device compromise. The supporting content further indicates the flaw may enable privilege escalation, sandbox bypass, root or kernel-level code execution, and persistent malware installation on affected Android devices, although precise exploitation mechanics are not publicly detailed in the provided material.

Mitigation

If you can’t patch tonight, do this now.

Until patches are fully deployed, reduce exposure by restricting installation of untrusted applications, enforcing rapid mobile patch compliance through MDM/EMM, monitoring for abnormal privilege-escalation or GPU-driver-related crashes, and prioritizing replacement or isolation of devices that cannot receive OEM updates. For enterprise Android fleets, limit sideloading, require trusted app sources only, and accelerate rollout of vendor security updates for Qualcomm-based devices.

Remediation

Patch, then assume compromise.

Apply Qualcomm-provided fixes distributed to OEMs in May 2025 and referenced in Qualcomm's June 2025 security disclosures, then install the corresponding device-manufacturer firmware or Android security updates as they become available. Because the issue affects chipset/vendor components, effective remediation depends on OEM integration and deployment of the patched Qualcomm graphics/GPU driver or firmware to affected devices. Organizations should prioritize this CVE due to KEV inclusion and reported in-the-wild exploitation indications.
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType
QualcommAqt1000 Firmwareoperating_system
QualcommFastconnect 6200 Firmwareoperating_system
QualcommFastconnect 6700 Firmwareoperating_system
QualcommFastconnect 6800 Firmwareoperating_system
QualcommFastconnect 6900 Firmwareoperating_system
QualcommFastconnect 7800 Firmwareoperating_system
QualcommQca6391 Firmwareoperating_system
QualcommQcm4490 Firmwareoperating_system
QualcommQcs4490 Firmwareoperating_system
QualcommSc8380xp Firmwareoperating_system
QualcommSd855 Firmwareoperating_system
QualcommSm4635 Firmwareoperating_system
QualcommSm6250 Firmwareoperating_system
QualcommSm6650 Firmwareoperating_system
QualcommSm6650p Firmwareoperating_system
QualcommSm7325p Firmwareoperating_system
QualcommSm7635 Firmwareoperating_system
QualcommSm7675 Firmwareoperating_system
QualcommSm7675p Firmwareoperating_system
QualcommSm8550p Firmwareoperating_system
QualcommSm8635 Firmwareoperating_system
QualcommSm8635p Firmwareoperating_system
QualcommSm8650q Firmwareoperating_system
QualcommSnapdragon 4 Gen 1 Mobile Platform Firmwareoperating_system
QualcommSnapdragon 460 Mobile Platform Firmwareoperating_system
QualcommSnapdragon 480 5g Mobile Platform Firmwareoperating_system
QualcommSnapdragon 480+ 5g Mobile Platform (Sm4350-Ac) Firmwareoperating_system
QualcommSnapdragon 662 Mobile Platform Firmwareoperating_system
QualcommSnapdragon 680 4g Mobile Platform Firmwareoperating_system
QualcommSnapdragon 685 4g Mobile Platform (Sm6225-Ad) Firmwareoperating_system
QualcommSnapdragon 690 5g Mobile Platform Firmwareoperating_system
QualcommSnapdragon 695 5g Mobile Platform Firmwareoperating_system
QualcommSnapdragon 720g Mobile Platform Firmwareoperating_system
QualcommSnapdragon 778g 5g Mobile Platform Firmwareoperating_system
QualcommSnapdragon 778g+ 5g Mobile Platform (Sm7325-Ae) Firmwareoperating_system
QualcommSnapdragon 782g Mobile Platform (Sm7325-Af) Firmwareoperating_system
QualcommSnapdragon 7c+ Gen 3 Compute Firmwareoperating_system
QualcommSnapdragon 8 Gen 2 Mobile Platform Firmwareoperating_system
QualcommSnapdragon 8 Gen 3 Mobile Platform Firmwareoperating_system
QualcommSnapdragon 8+ Gen 2 Mobile Platform Firmwareoperating_system
QualcommSnapdragon 855 Mobile Platform Firmwareoperating_system
QualcommSnapdragon 855+/860 Mobile Platform (Sm8150-Ac) Firmwareoperating_system
QualcommSnapdragon 865 5g Mobile Platform Firmwareoperating_system
QualcommSnapdragon 865+ 5g Mobile Platform (Sm8250-Ab) Firmwareoperating_system
QualcommSnapdragon 870 5g Mobile Platform (Sm8250-Ac) Firmwareoperating_system
QualcommSnapdragon 888 5g Mobile Platform Firmwareoperating_system
QualcommSnapdragon 888+ 5g Mobile Platform (Sm8350-Ac) Firmwareoperating_system
QualcommSnapdragon Ar1 Gen 1 Firmwareoperating_system
QualcommSnapdragon Ar1 Gen 1 Platform "Luna1" Firmwareoperating_system
QualcommSnapdragon X55 5g Modem-Rf System Firmwareoperating_system
QualcommSxr2230p Firmwareoperating_system
QualcommSxr2250p Firmwareoperating_system
QualcommSxr2330p Firmwareoperating_system
QualcommWcd9341 Firmwareoperating_system
QualcommWcd9370 Firmwareoperating_system
QualcommWcd9375 Firmwareoperating_system
QualcommWcd9378 Firmwareoperating_system
QualcommWcd9380 Firmwareoperating_system
QualcommWcd9385 Firmwareoperating_system
QualcommWcd9390 Firmwareoperating_system
QualcommWcd9395 Firmwareoperating_system
QualcommWcn3950 Firmwareoperating_system
QualcommWcn3988 Firmwareoperating_system
QualcommWcn6450 Firmwareoperating_system
QualcommWcn6650 Firmwareoperating_system
QualcommWcn6755 Firmwareoperating_system
QualcommWcn7861 Firmwareoperating_system
QualcommWcn7881 Firmwareoperating_system
QualcommWsa8810 Firmwareoperating_system
QualcommWsa8815 Firmwareoperating_system
QualcommWsa8830 Firmwareoperating_system
QualcommWsa8832 Firmwareoperating_system
QualcommWsa8835 Firmwareoperating_system
QualcommWsa8840 Firmwareoperating_system
QualcommWsa8845 Firmwareoperating_system
QualcommWsa8845h Firmwareoperating_system

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

34 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

34 SOURCESView more in app
cloudatg insightsNews
Feb 13, 2026
AI Development & Software Engineering | CloudATG

A Qualcomm Adreno GPU incorrect authorization vulnerability exploited as a zero-day in targeted attacks.

Read more
the hacker newsNews
Aug 7, 2025
The Hacker News | #1 Trusted Source for Cybersecurity News - Index Page

A Qualcomm vulnerability referenced as being under limited, targeted exploitation, though no technical details are provided in the content.

Read more
bleeping computerNews
Aug 5, 2025
Android gets patches for Qualcomm flaws exploited in attacks

A Qualcomm vulnerability referenced by CVE only; the content provides no technical details beyond indications of limited targeted exploitation.

Read more
the hacker newsNews
Aug 5, 2025
Google's August Patch Fixes Two Qualcomm Vulnerabilities Exploited in the Wild

A Qualcomm vulnerability disclosed alongside CVE-2025-21479 and CVE-2025-27038 that Qualcomm said may be under limited, targeted exploitation, though no technical details are provided in the content.

Read more
+7 more in the timeline
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures2

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity21

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2025-21480
NVD
nvd.nist.gov/vuln/detail/CVE-2025-21480
MITRE CWE · CWE-863
Incorrect Authorization
Vendor Advisory
docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html
US Government Resource
cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-21480
Incorrect Authorization in Qualcomm GPU micronode command interface (CVE-2025-21480) | Mallory