CVE-2025-21480 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.6 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
qualcomm	CNA	8.6 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CISA-ADP	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 3%

Common Weakness Enumeration

CWE-863 - Incorrect Authorization
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

Vulnerability Media Exposure

[ENGLISH] Qualcomm Fixes 3 Zero-Days Used in Targeted Android Attacks via Adreno GPU
Qualcomm has shipped security updates to address three zero-day vulnerabilities that it said have been exploited in limited, targeted attacks in the wild. The flaws in question, which were responsibly disclosed to the company by the Google Android Security team, are listed below - CVE-2025-21479 and CVE-2025-21480 (CVSS score: 8.6) - Two incorrect authorization vulnerabilities in the Graphics
Published: 2025-06-02T19:52:00+05:30
[GERMAN] Aktiv ausgenutzt: Lücken in Qualcomm-Treibern gefährden unzählige Smartphones
Mehrere gefährliche Sicherheitslücken in den Treibern für Qualcomms Adreno-GPUs werden aktiv ausgenutzt. Angreifer können damit Schadcode ausführen. (<a href="https://www.golem.de/specials/sicherheitsluecke/">Sicherheitslücke</a>, <a href="https://www.golem.de/specials/treiber/">Treiber</a>) <img alt="" height="1" src="https://cpx.golem.de/cpx.php?class=17&aid=196774&page=1&ts=1748938152" width="1" />
Published: 2025-06-03T10:09:16+02:00
[GERMAN] Patchday Android: Angreifer können sich höhere Rechte verschaffen
Wichtige Sicherheitsupdates schließen mehrere Lücken in Android 13, 14 und 15. Angreifer attackieren Geräte mit Qualcomm-Prozessor.
Published: 2025-06-04T07:08:00+00:00

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html