CVE-2025-13952

Critical

Published: 24 January 2026

Published

24 January 2026

Modified

28 January 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0002 6.3th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-13952 is a critical-severity Use After Free (CWE-416) vulnerability in Imaginationtech Ddk. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 6.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly remediates the use-after-free flaw in the GPU shader compiler by requiring timely patching of the specific vulnerability.

SI-16 Memory Protection good match

prevent

Implements memory protection mechanisms such as ASLR, DEP, and bounds checking that directly mitigate use-after-free exploits in the GPU compiler process.

AC-6 Least Privilege good match

prevent

Enforces least privilege on the GPU compiler process to prevent system-level escalation even if the use-after-free vulnerability is exploited.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

Use-after-free in privileged GPU shader compiler enables remote exploitation leading to arbitrary code execution and privilege escalation on affected platforms.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

A web page that contains unusual GPU shader code is loaded from the Internet into the GPU compiler process triggers a write use-after-free crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges…

this could enable further exploits on the device. The shader code contained in the web page executes a path in the compiler that held onto an out of date pointer, pointing to a freed memory object.

Deeper analysisAI

CVE-2025-13952 is a use-after-free vulnerability (CWE-416) in the GPU shader compiler library, where unusual GPU shader code from a web page loaded over the Internet into the GPU compiler process triggers a write to a freed memory object via an outdated pointer. This affects GPU drivers from Imagination Technologies, particularly on platforms where the compiler process runs with system privileges. The issue has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity with high impacts on confidentiality, integrity, and availability.

The vulnerability can be exploited remotely by any unauthenticated attacker with network access, requiring low complexity and no user interaction or privileges. Exploitation causes a crash in the GPU compiler process, and on affected platforms where the process holds system-level privileges, it could serve as a foothold for further device compromise, potentially enabling arbitrary code execution or escalation.

For mitigation details, refer to the vendor advisory at https://www.imaginationtech.com/gpu-driver-vulnerabilities/.