CVE-2025-21480HIGH 8.6CISA KEVEPSS p27.8%

CVE-2025-21480Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability

Qualcomm / Multiple Chipsets

Description

Multiple Qualcomm chipsets contain an incorrect authorization vulnerability. This vulnerability allows for memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

Scoring

CVSS 3.18.6 (HIGH)
VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS0.36% probability of exploitation · percentile 27.8% · 2026-06-19T12:03:05Z
Published2025-06-03
Last modified2025-10-28

CISA KEV entry

Added to KEV: 2025-06-03

Underlying weaknesses· 1

CWE-863

References

  1. https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html
  2. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-21480

1

TypeTargetConfidenceTier
WeaknessIncorrect Authorizationcwe-8630%live

(incoming)1

TypeTargetConfidenceTier
KEVEntryQualcomm Multiple Chipsets Incorrect Authorization Vulnerabilitykev-cve-2025-214800%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Qualcomm Multiple Chipsets Memory Corruption Vulnerability
CVE
Qualcomm Multiple Chipsets Detection of Error Condition Without Action Vulnerability
CVE
Qualcomm Multiple Chipsets Use-After-Free Vulnerability
CVE
Qualcomm Multiple Chipsets Integer Overflow Vulnerability
CVE
Qualcomm Multiple Chipsets Use of Out-of-Range Pointer Offset Vulnerability
CVE
Qualcomm Multiple Chipsets Improper Input Validation Vulnerability
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.