Qualcomm Adreno GPU 0-Day Vulnerabilities Exploited to Attack Android Users

Mobile chipmaker Qualcomm has issued urgent security patches for three critical zero-day vulnerabilities in its Adreno GPU drivers that are actively being exploited in targeted attacks against Android users worldwide.

The company confirmed that patches for the vulnerabilities have been distributed to device manufacturers with strong recommendations for immediate deployment.

The Google Threat Analysis Group has provided indications that three vulnerabilities, CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038,”may be under limited, targeted exploitation.”

This represents a significant security threat as billions of Android devices worldwide rely on Qualcomm’s Adreno GPU technology across multiple smartphone manufacturers, including Samsung, Google, Xiaomi, and OnePlus.

0-Day Vulnerabilities Exploited

CVE-2025-21479 and CVE-2025-21480 are classified as critical vulnerabilities with CVSS scores of 8.6, representing incorrect authorization flaws in the Graphics component.

These vulnerabilities enable memory corruption through unauthorized command execution in GPU microcode during specific command sequences. Attackers can exploit these flaws to execute rogue commands that corrupt system memory, potentially leading to elevated privileges and system compromise.

CVE-2025-27038 carries a CVSS score of 7.5 and represents a use-after-free vulnerability in the Graphics component. This flaw causes memory corruption during graphics rendering through Adreno GPU drivers, specifically within the Chrome browser.

The vulnerability can be exploited to bypass browser isolation mechanisms and execute arbitrary code on the target system.

All three vulnerabilities were responsibly disclosed to Qualcomm through the Google Android Security team. The two critical authorization flaws (CVE-2025-21479 and CVE-2025-21480) were reported in late January 2025, while the Chrome-related use-after-free vulnerability (CVE-2025-27038) was communicated in March. This timeline demonstrates the ongoing nature of security research efforts targeting mobile GPU drivers.

The vulnerabilities affect Qualcomm’s Adreno GPU framework and can be triggered through specially crafted command sequences transmitted to the GPU driver. For the Chrome-related vulnerability, attackers can exploit the flaw through malicious web content that triggers graphics rendering operations.

Security researchers note that these types of GPU vulnerabilities are particularly valuable to commercial spyware operators and advanced persistent threat groups seeking to escalate privileges on compromised devices.

Qualcomm distributed patches for all three vulnerabilities to Original Equipment Manufacturers (OEMs) in May 2025, accompanied by strong recommendations for immediate deployment.

The company emphasizes that device manufacturers should prioritize these updates, given the active exploitation status. Users are advised to contact their device manufacturers for specific information about patch availability for their devices.

The discovery highlights ongoing security challenges in mobile GPU drivers, which represent attractive targets for sophisticated attackers. Commercial spyware vendors and state-sponsored threat actors have previously weaponized similar Qualcomm vulnerabilities.

The rapid disclosure and patching timeline demonstrates improved coordination between security researchers, chipset manufacturers, and device vendors in addressing critical mobile security threats.

Users should ensure their Android devices receive the latest security updates and monitor manufacturer communications regarding patch availability for their specific device models.

Find this News Interesting! Follow us on Google News, LinkedIn, & X to Get Instant Updates!

The post Qualcomm Adreno GPU 0-Day Vulnerabilities Exploited to Attack Android Users appeared first on Cyber Security News.