Qualcomm has recently released security updates to address three zero-day vulnerabilities that have been actively exploited in targeted attacks. These vulnerabilities, identified as CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038, were responsibly disclosed by Google’s Android Security team.
Details of the Vulnerabilities:
1. CVE-2025-21479 and CVE-2025-21480: Both vulnerabilities have a CVSS score of 8.6 and are categorized as incorrect authorization issues within the Graphics component. Unauthorized command execution in the GPU microcode while a specific sequence of commands is executed can lead to memory corruption.
2. CVE-2025-27038: This vulnerability has a CVSS score of 7.5 and is a use-after-free issue in the Graphics component. It can result in memory corruption during the rendering of graphics using Adreno GPU drivers in the Chrome browser.
According to Qualcomm’s advisory, there are indications from Google’s Threat Analysis Group that these vulnerabilities have been exploited in limited, targeted attacks. Patches for the affected Adreno GPU drivers were made available to Original Equipment Manufacturers (OEMs) in May, with a strong recommendation for immediate deployment to affected devices.
Context and Implications:
While specific details regarding the exploitation methods and the identities of the attackers remain undisclosed, similar vulnerabilities in Qualcomm chipsets have previously been exploited by commercial spyware vendors. For instance, vulnerabilities such as CVE-2023-33063, CVE-2023-33106, and CVE-2023-33107 have been weaponized by entities like Variston and Cy4Gate.
In December of the previous year, Amnesty International reported that another Qualcomm vulnerability, CVE-2024-43047, was exploited by the Serbian Security Information Agency (BIA) and Serbian police. The agencies used Cellebrite’s data extraction software to gain elevated access to seized Android devices belonging to activists, journalists, and protesters, and then deployed Android spyware known as NoviSpy.
Recommendations for Users:
Given the potential risks associated with these vulnerabilities, it is crucial for users to ensure their devices are updated with the latest security patches. Users should:
– Check for Updates: Regularly verify and install updates provided by device manufacturers.
– Stay Informed: Keep abreast of security advisories from both Qualcomm and their device manufacturers.
– Exercise Caution: Be vigilant about the applications installed and the permissions granted to them.
By taking these proactive steps, users can significantly reduce the risk of their devices being compromised through such vulnerabilities.