CVE-2025-0835
Published: 24 March 2025
Summary
CVE-2025-0835 is a high-severity use-after-free (CWE-416) vulnerability in Imagination Technologies GPU drivers (vendor inferred from references). Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It ranks at the 20.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-11 (User-installed Software) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-0835 is a use-after-free vulnerability (CWE-416) in Imagination Technologies GPU drivers, where software installed and executed as a non-privileged user can make improper GPU system calls that corrupt kernel heap memory. The issue has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact on system confidentiality, integrity, and availability.
A local attacker with low privileges, such as a standard non-privileged user, can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation allows the attacker to corrupt kernel heap memory, potentially enabling arbitrary kernel memory read/write operations, privilege escalation to root, or full system compromise.
Mitigation details and patches are available in the vendor advisory at https://www.imaginationtech.com/gpu-driver-vulnerabilities/. Security practitioners should consult this reference for affected versions, patch deployment instructions, and any recommended workarounds.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-7902
Vulnerability details
Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A use-after-free in the GPU kernel driver enables local privilege escalation via kernel memory corruption from a low-privileged user context.
Mitigating Controls (NIST 800-53 r5)
- Directly mitigates the use-after-free vulnerability in Imagination Technologies GPU drivers by requiring timely application of vendor-provided patches and flaw remediation.
- Prevents non-privileged users from installing and executing software that triggers the vulnerability through improper GPU system calls.
- Implements memory protection mechanisms that hinder exploitation of the kernel heap corruption resulting from the use-after-free flaw.