CVE-2025-58411

High

Published: 13 January 2026

Published

13 January 2026

Modified

30 January 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Score 0.0001 0.6th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-58411 is a high-severity Use After Free (CWE-416) vulnerability in Imaginationtech Ddk. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 0.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly mitigates the use-after-free vulnerability by requiring timely monitoring, scanning, and remediation of flaws in the GPU driver via vendor patches.

SI-16 Memory Protection good match

prevent

Provides memory protection mechanisms like ASLR, DEP, and stack canaries that prevent successful exploitation of the use-after-free condition in the GPU driver.

CM-11 User-installed Software partial match

prevent

Restricts or prohibits user-installed software that could conduct improper GPU system calls to trigger the resource mismanagement and use-after-free scenario.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

Use-after-free in kernel GPU driver directly enables local privilege escalation via crafted system calls from low-privileged user context.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources reference counting creating a potential use after free scenario. Improper resource management and reference counting on an internal resource caused scenario…

where potential write use after free was present.

Deeper analysisAI

CVE-2025-58411 is a use-after-free vulnerability (CWE-416) affecting Imagination Technologies GPU drivers, published on 2026-01-13. The flaw stems from improper resource management and reference counting on an internal resource, triggered when software installed and run as a non-privileged user conducts improper GPU system calls. This mismanagement creates a scenario enabling potential write use-after-free conditions. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

A local attacker with low privileges can exploit the vulnerability with low attack complexity and no user interaction. Exploitation involves triggering the improper GPU system calls, leading to resource reference counting errors and use-after-free access. Given the high scope and impacts (confidentiality, integrity, and availability all rated high), successful attacks could enable arbitrary code execution, privilege escalation, data corruption, or denial of service at the kernel level.

Mitigation details are available in the vendor advisory at https://www.imaginationtech.com/gpu-driver-vulnerabilities/.