Cyber Resilience

CVE-2025-0835

High

Published: 24 March 2025

Published
24 March 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0007 20.7th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-0835 is a high-severity Use After Free (CWE-416) vulnerability in Imaginationtech (inferred from references). Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 20.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-11 (User-installed Software) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-0835 is a use-after-free vulnerability (CWE-416) in Imagination Technologies GPU drivers, where software installed and executed as a non-privileged user can make improper GPU system calls that corrupt kernel heap memory. The issue has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact on system confidentiality, integrity, and availability.

A local attacker with low privileges, such as a standard non-privileged user, can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation allows the attacker to corrupt kernel heap memory, potentially enabling arbitrary kernel memory read/write operations, privilege escalation to root, or full system compromise.

Mitigation details and patches are available in the vendor advisory at https://www.imaginationtech.com/gpu-driver-vulnerabilities/. Security practitioners should consult this reference for affected versions, patch deployment instructions, and any recommended workarounds.

EU & UK References

Vulnerability details

Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Use-after-free in GPU kernel driver enables local privilege escalation via kernel memory corruption from low-privileged user context.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-47331Shared CWE-416
CVE-2026-23111Shared CWE-416
CVE-2026-9970Shared CWE-416
CVE-2026-27909Shared CWE-416
CVE-2026-9932Shared CWE-416
CVE-2026-31530Shared CWE-416
CVE-2025-21856Shared CWE-416
CVE-2025-21727Shared CWE-416
CVE-2024-55549Shared CWE-416
CVE-2026-34859Shared CWE-416

Affected Assets

Imaginationtech
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the use-after-free vulnerability in Imagination Technologies GPU drivers by requiring timely application of vendor-provided patches and flaw remediation.

prevent

Prevents non-privileged users from installing and executing software that triggers the vulnerability through improper GPU system calls.

prevent

Implements memory protection mechanisms that hinder exploitation of the kernel heap corruption resulting from the use-after-free flaw.

References