Actively Exploited Qualcomm GPU Zero-Days Added to CISA’s KEV Catalog

Three new vulnerabilities in Qualcomm’s Adreno GPU driver have been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog amid evidence of active exploitation. These flaws, affecting dozens of Qualcomm chipsets, are already being used in targeted attacks and pose serious risks to mobile devices running on Android.

On Monday, Qualcomm issued a security advisory disclosing three high-impact vulnerabilities:

• CVE-2025-21479 & CVE-2025-21480: Incorrect Authorization Vulnerabilities
  These are critical flaws within the Adreno GPU graphics framework that can result in memory corruption by executing unauthorized commands in the GPU micronode. Qualcomm confirmed that these vulnerabilities “can lead to memory corruption because of unauthorized command execution… while executing a specific sequence of commands.”
• CVE-2025-27038: Use-After-Free Vulnerability
  Rated high severity, this bug is triggered while rendering graphics via the Adreno GPU driver in Chrome. Use-after-free conditions are notoriously dangerous because they allow attackers to hijack freed memory, often leading to arbitrary code execution.

While Qualcomm did not reveal the full scope of ongoing attacks, the advisory notes:

“There are indications from Google Threat Analysis Group that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 may be under limited, targeted exploitation.”

This puts security researchers on high alert as it suggests these vulnerabilities are being actively used by threat actors, potentially including nation-state groups or advanced persistent threats (APTs), in real-world attacks.

Qualcomm released patches to OEM partners in May 2025, urging rapid deployment across affected devices. As of now, users must wait for individual device manufacturers to incorporate and distribute these fixes via firmware updates.

CISA has mandated all U.S. federal agencies to apply the vendor-provided mitigations by June 24, 2025, underscoring the urgency and criticality of these vulnerabilities.

Related Posts:

• Qualcomm Reveals Active Exploitation of Multiple Zero-Days in Adreno GPU
• CISA Adds 12 New Known Actively Exploited Vulnerabilities to its Catalog
• The EU unease about Broadcom attempts to buy Qualcomm: Privacy data may be leaked
• Android’s Future: 8 Years of Security with Qualcomm & Google
• Qualcomm’s March 2025 Security Bulletin Addresses Critical Flaws Across Multiple Products