Qualcomm, a leading mobile chipmaker, has released urgent security patches to address three critical zero-day vulnerabilities in its Adreno GPU drivers. These vulnerabilities are
currently being actively exploited in targeted attacks on Android users around the world.
The company confirmed that it has distributed the necessary patches to device manufacturers and strongly recommended immediate implementation to protect users from potential threats.
According to Google's Threat Analysis Group, the three vulnerabilities CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038 appears to be under limited and targeted exploitation. This poses a serious risk, as Qualcomm’s Adreno GPU technology is used in billions of Android devices from popular smartphone brands such as Samsung, Google, Xiaomi, and OnePlus.
The first two vulnerabilities, CVE-2025-21479 and CVE-2025-21480, are classified as critical and carry CVSS scores of 8.6. These issues involve incorrect authorization in the graphics component, which can lead to memory corruption. Attackers can abuse these flaws to execute unauthorized commands within the GPU microcode during specific command sequences, potentially allowing them to gain elevated privileges and compromise the system.
The third vulnerability, CVE-2025-27038, has a CVSS score of 7.5 and is categorized as a use-after-free issue in the graphics component. This flaw occurs during graphics rendering through the Adreno GPU drivers, particularly within the Chrome browser. If exploited, it can bypass browser isolation mechanisms and allow attackers to run arbitrary code on the affected system.
All three vulnerabilities were reported responsibly to Qualcomm by the Google Android Security team. The two authorization flaws were disclosed in January 2025, while the Chrome-related issue was reported in March 2025. This timeline highlights the ongoing research and collaboration efforts aimed at improving the security of mobile GPU drivers.
The vulnerabilities affect the Adreno GPU framework and can be triggered through specially crafted command sequences. In the case of the Chrome-related issue, attackers can exploit it through malicious web content that initiates rendering tasks.
Security researchers have pointed out that GPU-related vulnerabilities are particularly attractive to commercial spyware vendors and advanced persistent threat actors, who often look for ways to escalate privileges on compromised devices.
Qualcomm issued the patches to Original Equipment Manufacturers (OEMs) in May 2025, along with strong guidance to deploy them without delay. The company stressed the importance of prioritizing these updates due to the ongoing exploitation. Users are advised to contact their device manufacturers for specific details regarding the availability of patches for their devices.
This discovery highlights the persistent security challenges facing mobile GPU drivers, which continue to be valuable targets for sophisticated attackers. It also demonstrates the improved coordination between researchers, chipset makers, and device vendors when it comes to addressing serious mobile security threats.
Android users are encouraged to install the latest security updates and stay informed through their device manufacturers about patch releases for their particular models.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
