CVE-2025-21480

Name: CVE-2025-21480
Creator: NVD / NIST
Published: 2025-06-03T06:15:26.19+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.6/10Actively ExploitedEPSS 0.36%

Last modified Jun 17, 2026

CVE-2025-21480 is a high-severity vulnerability rated 8.6/10 on the CVSS scale. Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.. CISA has confirmed active exploitation in the wild. EPSS estimates a 0.36% chance of exploitation in the next 30 days.

Description

Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

Metrics

CVSS 3.1

8.6/10

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS Probability

0.36%

28.0th percentile

Probability of exploitation in the next 30 days. Learn more

Exploitation Status

This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by Jun 24, 2025.

Weakness Enumeration

CWE-863

Affected Software

Vendor	Product	Versions
Qualcomm	Aqt1000 Firmware	All versions
Qualcomm	Fastconnect 6200 Firmware	All versions
Qualcomm	Fastconnect 6700 Firmware	All versions
Qualcomm	Fastconnect 6800 Firmware	All versions
Qualcomm	Fastconnect 6900 Firmware	All versions
Qualcomm	Fastconnect 7800 Firmware	All versions
Qualcomm	Qca6391 Firmware	All versions
Qualcomm	Qcm4490 Firmware	All versions
Qualcomm	Qcs4490 Firmware	All versions
Qualcomm	Sc8380xp Firmware	All versions
Qualcomm	Sd855 Firmware	All versions
Qualcomm	Sm4635 Firmware	All versions
Qualcomm	Sm6250 Firmware	All versions
Qualcomm	Sm6650 Firmware	All versions
Qualcomm	Sm6650p Firmware	All versions
Qualcomm	Sm7325p Firmware	All versions
Qualcomm	Sm7635 Firmware	All versions
Qualcomm	Sm7675 Firmware	All versions
Qualcomm	Sm7675p Firmware	All versions
Qualcomm	Sm8550p Firmware	All versions
Qualcomm	Sm8635 Firmware	All versions
Qualcomm	Sm8635p Firmware	All versions
Qualcomm	Sm8650q Firmware	All versions
Qualcomm	Snapdragon 4 Gen 1 Mobile Platform Firmware	All versions
Qualcomm	Snapdragon 460 Mobile Platform Firmware	All versions
Qualcomm	Snapdragon 480 5g Mobile Platform Firmware	All versions
Qualcomm	Snapdragon 480\+ 5g Mobile Platform \(Sm4350-Ac\) Firmware	All versions
Qualcomm	Snapdragon 662 Mobile Platform Firmware	All versions
Qualcomm	Snapdragon 680 4g Mobile Platform Firmware	All versions
Qualcomm	Snapdragon 685 4g Mobile Platform \(Sm6225-Ad\) Firmware	All versions
Qualcomm	Snapdragon 690 5g Mobile Platform Firmware	All versions
Qualcomm	Snapdragon 695 5g Mobile Platform Firmware	All versions
Qualcomm	Snapdragon 720g Mobile Platform Firmware	All versions
Qualcomm	Snapdragon 778g 5g Mobile Platform Firmware	All versions
Qualcomm	Snapdragon 778g\+ 5g Mobile Platform \(Sm7325-Ae\) Firmware	All versions
Qualcomm	Snapdragon 782g Mobile Platform \(Sm7325-Af\) Firmware	All versions
Qualcomm	Snapdragon 7c\+ Gen 3 Compute Firmware	All versions
Qualcomm	Snapdragon 8 Gen 2 Mobile Platform Firmware	All versions
Qualcomm	Snapdragon 8 Gen 3 Mobile Platform Firmware	All versions
Qualcomm	Snapdragon 8\+ Gen 2 Mobile Platform Firmware	All versions
Qualcomm	Snapdragon 855 Mobile Platform Firmware	All versions
Qualcomm	Snapdragon 855\+\/860 Mobile Platform \(Sm8150-Ac\) Firmware	All versions
Qualcomm	Snapdragon 865 5g Mobile Platform Firmware	All versions
Qualcomm	Snapdragon 865\+ 5g Mobile Platform \(Sm8250-Ab\) Firmware	All versions
Qualcomm	Snapdragon 870 5g Mobile Platform \(Sm8250-Ac\) Firmware	All versions
Qualcomm	Snapdragon 888 5g Mobile Platform Firmware	All versions
Qualcomm	Snapdragon 888\+ 5g Mobile Platform \(Sm8350-Ac\) Firmware	All versions
Qualcomm	Snapdragon Ar1 Gen 1 Firmware	All versions
Qualcomm	Snapdragon Ar1 Gen 1 Platform \"Luna1\" Firmware	All versions
Qualcomm	Snapdragon X55 5g Modem-Rf System Firmware	All versions

Showing 50 of 76 affected configurations. See NVD for the full list.

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.htmlVendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-21480US Government Resource

Timeline

Published: Jun 3, 2025
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2025-21480?

Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

How severe is CVE-2025-21480?

CVE-2025-21480 has a CVSS score of 8.6/10 (HIGH severity). The EPSS model estimates a 0.36% probability of exploitation in the next 30 days. This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog.

How do I fix CVE-2025-21480?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-21480?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST