Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2025-21479

HIGH
Published 2025-06-03T06:42:42.042Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2025-21479. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
8.6
/10
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14
0.033
probability
of exploitation in the wild

There is a 3.3% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.866
Higher than 86.6% of all CVEs

Attack Vector Metrics

Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED

Impact Metrics

Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Description

Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

Available Exploits

No exploits available for this CVE.

Related News

Google fixed two Qualcomm bugs that were actively exploited in the wild

Google addressed multiple Android flaws, including two Qualcomm vulnerabilities that were actively exploited in the wild. Google released security updates to address multiple Android vulnerabilities, including two Qualcomm flaws, tracked as CVE-2025-21479 (CV…

Securityaffairs.com 2025-08-06 06:03
Read More
Google’s August Patch Fixes Two Qualcomm Vulnerabilities Exploited in the Wild

Google has released security updates to address multiple security flaws in Android, including fixes for two Qualcomm bugs that were flagged as actively exploited in the wild. The vulnerabilities include CVE-2025-21479 (CVSS score: 8.6) and CVE-2025-27038 (CVS…

Internet 2025-08-05 13:59
Read More

Affected Products

Qualcomm, Inc.

Snapdragon

Affected Versions:

AQT1000 FastConnect 6200 FastConnect 6700 FastConnect 6800 FastConnect 6900 FastConnect 7800 QCA6391 QCM4490 QCS4490 SD855 SM4635 SM6250 SM6650 SM6650P SM7325P SM7635 SM7675 SM7675P SM8550P SM8635 SM8635P SM8650Q Snapdragon 4 Gen 1 Mobile Platform Snapdragon 460 Mobile Platform Snapdragon 480 5G Mobile Platform Snapdragon 480+ 5G Mobile Platform (SM4350-AC) Snapdragon 662 Mobile Platform Snapdragon 680 4G Mobile Platform Snapdragon 685 4G Mobile Platform (SM6225-AD) Snapdragon 690 5G Mobile Platform Snapdragon 695 5G Mobile Platform Snapdragon 720G Mobile Platform Snapdragon 778G 5G Mobile Platform Snapdragon 778G+ 5G Mobile Platform (SM7325-AE) Snapdragon 782G Mobile Platform (SM7325-AF) Snapdragon 7c+ Gen 3 Compute Snapdragon 8 Gen 2 Mobile Platform Snapdragon 8 Gen 3 Mobile Platform Snapdragon 8+ Gen 2 Mobile Platform Snapdragon 855 Mobile Platform Snapdragon 855+/860 Mobile Platform (SM8150-AC) Snapdragon 865 5G Mobile Platform Snapdragon 865+ 5G Mobile Platform (SM8250-AB) Snapdragon 870 5G Mobile Platform (SM8250-AC) Snapdragon 888 5G Mobile Platform Snapdragon 888+ 5G Mobile Platform (SM8350-AC) Snapdragon AR1 Gen 1 Platform Snapdragon AR1 Gen 1 Platform "Luna1" Snapdragon X55 5G Modem-RF System SXR2230P SXR2250P SXR2330P WCD9341 WCD9370 WCD9375 WCD9378 WCD9380 WCD9385 WCD9390 WCD9395 WCN3950 WCN3988 WCN6450 WCN6650 WCN6755 WCN7861 WCN7881 WSA8810 WSA8815 WSA8830 WSA8832 WSA8835 WSA8840 WSA8845 WSA8845H

Known Exploited Vulnerability

This vulnerability is actively being exploited in the wild

View KEV Details

Remediation Status

Overdue

Due Date

June 24, 2025

Added to KEV

June 3, 2025

Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Product

Vendor/Project: Qualcomm
Product: Multiple Chipsets

Ransomware Risk

Known Ransomware Use
KEV Catalog Version: 2025.06.03 Released: June 3, 2025

EU Vulnerability Database

Monitored by ENISA for EU cybersecurity

EU Coordination

EU Coordinated

Exploitation Status

No Known Exploitation

EUVD ID

View on ENISA

ENISA Analysis

Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

Affected Products (ENISA)

qualcomm, inc.
snapdragon

ENISA Scoring

CVSS Score (3.1)

8.6
/10
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS Score

0.150
probability

ENISA References

https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html
https://nvd.nist.gov/vuln/detail/CVE-2025-21479

Data provided by ENISA EU Vulnerability Database. Last updated: July 30, 2025

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-vmqr-hrfr-7527

Advisory Details

Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-21479
WEB https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html

Advisory provided by GitHub Security Advisory Database. Published: June 3, 2025, Modified: June 3, 2025

Social Media Intelligence

Real-time discussions and threat intelligence from social platforms

14 posts
Reddit 1 week, 3 days ago
digicat

漫步安卓物理内存:CVE-2025-21479 提权实录 - A Walk Through Android Physical Memory: CVE-2025-21479 Privilege Escalation

2
2.0
View Original
Reddit 2 weeks, 1 day ago
crstux
Exploit PoC

🔥 Top 10 Trending CVEs (25/08/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-54253](https://nvd.nist.gov/vuln/detail/CVE-2025-54253)** - 📝 Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass …

Also mentions: CVE-2025-43300 CVE-2025-9074 CVE-2025-52970 CVE-2025-54253 CVE-2025-49533 CVE-2025-38236 CVE-2025-32433 CVE-2024-36401
1
1.0
View Original High Risk
Reddit 2 weeks, 2 days ago
crstux
Exploit PoC

🔥 Top 10 Trending CVEs (24/08/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-50864](https://nvd.nist.gov/vuln/detail/CVE-2025-50864)** - 📝 An Origin Validation Error in the elysia-cors library thru 1.3.0 allows attackers to bypass Cross-Origin Resource Sharing (CORS) restrictions. The library incorrectly validates the supplied origin by checking …

Also mentions: CVE-2025-43300 CVE-2025-9074 CVE-2025-38236 CVE-2025-37899 CVE-2025-32433 CVE-2025-1316 CVE-2024-36401
1
1.0
View Original High Risk
Reddit 2 weeks, 3 days ago
crstux
Exploit PoC

🔥 Top 10 Trending CVEs (23/08/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-9074](https://nvd.nist.gov/vuln/detail/CVE-2025-9074)** - 📝 A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. …

Also mentions: CVE-2025-43300 CVE-2025-9074 CVE-2025-54336 CVE-2025-29927 CVE-2025-37778 CVE-2025-1316 CVE-2024-55415 CVE-2024-36401
1
1.0
View Original High Risk
Reddit 2 weeks, 4 days ago
Immediate_Gold9789
Exploit

CyberDudeBivash ThreatWire – 21st Edition Why GPUs, NPUs, and AI Accelerators Are Now High-Value Targets By CyberDudeBivash | www.cyberdudebivash.com https://preview.redd.it/a2f3itpa8ikf1.png?width=1536&format=png&auto=webp&s=26899944cca46c6b9f5d1f275a90a8a98c8c606e Author : Cyberdudebivash , [cryptobivash.code.blog](https://www.blogger.com/blog/post/edit/2163240462341298251/8732815097835803749?hl=en#) ,[www.cyberdudebivash.com](https://www.blogger.com/blog/post/edit/2163240462341298251/8732815097835803749?hl=en#), [cyberbivash.blogspot.com](https://www.blogger.com/blog/post/edit/2163240462341298251/8732815097835803749?hl=en#) # Executive Summary For decades, central processing units (CPUs) were the primary battleground for exploit developers, malware authors, and nation-state threat actors. But …

Also mentions: CVE-2025-43300 CVE-2025-27038
1
1.0
View Original High Risk
Reddit 2 weeks, 4 days ago
Immediate_Gold9789
Exploit

Mobile GPU Exploits: Qualcomm Adreno CVEs Hit Android Ecosystem (CVE-2025-21479 & CVE-2025-27038) By CyberDudeBivash | www.cyberdudebivash.com https://preview.redd.it/gmbcabzm2ikf1.png?width=1024&format=png&auto=webp&s=ee85f95143c6df8aad1fe60ec5a0e3a9c3b2770e # Executive Summary Two high-severity vulnerabilities impacting **Qualcomm Adreno GPUs** have been disclosed and quickly added to **CISA’s Known Exploited Vulnerabilities (KEV) list**, signaling **active exploitation in the wild**. * **CVE-2025-21479 (Authorization Bypass …

Also mentions: CVE-2025-27038
1
1.0
View Original High Risk
Reddit 2 weeks, 4 days ago
Immediate_Gold9789
Exploit

CyberDudeBivash Global CVEs Analysis Report — 22 August 2025 https://preview.redd.it/9hkbzarj1ikf1.png?width=1024&format=png&auto=webp&s=6f4223650d8526119e4b88925df35e8e3f42ccde # Executive Overview As of **22 August 2025**, the global vulnerability landscape exhibits escalating volatility. Multiple high-severity CVEs have emerged across browsers, operating systems, AI platforms, and network infrastructure—many actively exploited and posing catastrophic risks to enterprise security. This **Global …

Also mentions: CVE-2025-43300 CVE-2025-53779 CVE-2025-27038
1
1.0
View Original High Risk
Reddit 3 weeks, 1 day ago
crstux
Exploit

🔥 Top 10 Trending CVEs (18/08/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-8091](https://nvd.nist.gov/vuln/detail/CVE-2025-8091)** - 📝 The EventON Lite plugin for WordPress is vulnerable to Information Exposure in all versions less than, or equal to, 2.4.6 via the add_single_eventon and add_eventon shortcodes due to …

Also mentions: CVE-2025-8091 CVE-2025-25256 CVE-2025-52970 CVE-2025-8088 CVE-2025-31324 CVE-2025-30712 CVE-2025-26633 CVE-2024-29847 CVE-2024-39884 CVE-2024-40725
2
2.0
View Original High Risk
Reddit 3 weeks, 2 days ago
crstux
Exploit

🔥 Top 10 Trending CVEs (17/08/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-26633](https://nvd.nist.gov/vuln/detail/CVE-2025-26633)** - 📝 Microsoft Management Console Security Feature Bypass Vulnerability - 📅 **Published:** 11/03/2025 - 📈 **CVSS:** 7 - 🧭 **Vector:** CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C - 📣 **Mentions:** 61 - ⚠️ **Priority:** 2 - …

Also mentions: CVE-2025-20265 CVE-2025-25256 CVE-2025-8088 CVE-2025-31324 CVE-2025-32433 CVE-2025-30712 CVE-2025-26633 CVE-2024-39884 CVE-2024-40725 CVE-2023-44487
1
1.0
View Original High Risk
Reddit 3 weeks, 3 days ago
crstux
Exploit

🔥 Top 10 Trending CVEs (16/08/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487)** - 📝 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October …

Also mentions: CVE-2025-20265 CVE-2025-25256 CVE-2025-50154 CVE-2025-53773 CVE-2025-8088 CVE-2025-8356 CVE-2025-8355 CVE-2023-44487
2
2.0
View Original High Risk
View All 14 Posts

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html
Published: 2025-06-03T06:42:42.042Z
Last Modified: 2025-07-28T19:41:43.927Z
Copied to clipboard!