Cyber Resilience

CVE-2025-21479

HighCISA KEVActive ExploitationEUVD Exploited

Published: 03 June 2025

Published
03 June 2025
Modified
28 October 2025
KEV Added
03 June 2025
Patch
CVSS Score v3.1 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS Score 0.0015 35.4th percentile
Risk Priority 37 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-21479 is a high-severity Incorrect Authorization (CWE-863) vulnerability in Qualcomm Aqt1000 Firmware. Its CVSS base score is 8.6 (High).

Operationally, ranked at the 35.4th percentile by exploit likelihood (below the median); CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-21479 is a memory corruption vulnerability caused by unauthorized command execution in the GPU micronode when a specific sequence of commands is processed. The flaw is tracked under CWE-863 (incorrect authorization) and affects Qualcomm GPU components, as referenced in the vendor's June 2025 security bulletin.

An attacker can exploit the issue locally with no privileges required and only user interaction, achieving a scope change that results in high impact to confidentiality, integrity, and availability. Successful exploitation can allow an adversary to corrupt memory and execute arbitrary commands within the affected GPU environment.

The Qualcomm security bulletin and CISA's Known Exploited Vulnerabilities catalog both list the CVE, indicating that patches are available through Qualcomm's standard firmware and driver update channels and that organizations should apply them promptly.

CISA's inclusion of the vulnerability in its actively exploited catalog signals confirmed real-world exploitation, even though the current EPSS score remains low at 0.0015.

EU & UK References

Vulnerability details

Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

CWE(s)
KEV Date Added
03 June 2025

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

qualcomm
aqt1000 firmware
all versions
qualcomm
fastconnect 6200 firmware
all versions
qualcomm
fastconnect 6700 firmware
all versions
qualcomm
fastconnect 6900 firmware
all versions
qualcomm
fastconnect 7800 firmware
all versions
qualcomm
fastconnect 6800 firmware
all versions
qualcomm
qca6391 firmware
all versions
qualcomm
qcm4490 firmware
all versions
qualcomm
qcs4490 firmware
all versions
qualcomm
sd855 firmware
all versions
+65 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces authorization checks on commands sent to the GPU micronode, blocking the unauthorized execution path that triggers memory corruption.

prevent

Applies hardware or software memory protection mechanisms that would contain or prevent the corruption resulting from the bypassed command sequence.

prevent

Requires validation of command sequences before GPU micronode execution, mitigating the crafted-input vector that bypasses authorization.

References