CVE-2025-21480
Actively exploited. CVE-2025-21480 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2025-06-03) — exploitation has been observed in the wild, and US federal agencies are required to remediate it under BOD 22-01. Treat patching as urgent.
Multiple Qualcomm chipsets contain an incorrect authorization vulnerability. This vulnerability allows for memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
CSIRTS triage
- What
- An incorrect authorization vulnerability allows for memory corruption due to unauthorized command execution.
- Who is affected
- Users of multiple Qualcomm chipsets are affected.
- Urgency
- Remediation is critical due to the potential for exploitation and the severity of the vulnerability.
- Action
- Update firmware for affected Qualcomm chipsets.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch CVE-2025-21480
Get an email if CVE-2025-21480 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.
Exploitation outlook
- Exploitation confirmedAlready exploited in the wild (CISA KEV) — the prediction phase is over. Patch now. Riskier than 28% of all EPSS-scored CVEs.
Advisory coverage (1)
- criticalexploitedCVE-2025-21480: Qualcomm Multiple Chipsets Incorrect Authorization Vulnerabilitycisa-kev · 2025-06-03
External references
Embed the live status
— this badge updates automatically when the KEV or exploit status changes. How to embed it →
[](https://www.csirts.com/cve/CVE-2025-21480)