CVE-2025-13952CRITICAL 9.8EPSS p33.1%

CVE-2025-13952CVE-2025-13952

Description

A web page that contains unusual GPU shader code is loaded from the Internet into the GPU compiler process triggers a write use-after-free crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device. The shader code contained in the web page executes a path in the compiler that held onto an out of date pointer, pointing to a freed memory object.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.42% probability of exploitation · percentile 33.1% · 2026-06-19T12:03:05Z
Published2026-01-24
Last modified2026-01-28

Underlying weaknesses· 1

CWE-416

References

  1. https://www.imaginationtech.com/gpu-driver-vulnerabilities/

1

TypeTargetConfidenceTier
WeaknessUse After Freecwe-4160%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-21732
CVE
CVE-2026-22165
CVE
CVE-2026-22166
CVE
CVE-2025-14765
CVE
CVE-2025-58411
CVE
CVE-2026-22164
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.