CVE-2025-27038 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
qualcomm	CNA	7.5 HIGH	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA-ADP	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 11%

Common Weakness Enumeration

CWE-416 - Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Vulnerability Media Exposure

[ENGLISH] Qualcomm Fixes 3 Zero-Days Used in Targeted Android Attacks via Adreno GPU
Qualcomm has shipped security updates to address three zero-day vulnerabilities that it said have been exploited in limited, targeted attacks in the wild. The flaws in question, which were responsibly disclosed to the company by the Google Android Security team, are listed below - CVE-2025-21479 and CVE-2025-21480 (CVSS score: 8.6) - Two incorrect authorization vulnerabilities in the Graphics
Published: 2025-06-02T19:52:00+05:30
[GERMAN] Aktiv ausgenutzt: Lücken in Qualcomm-Treibern gefährden unzählige Smartphones
Mehrere gefährliche Sicherheitslücken in den Treibern für Qualcomms Adreno-GPUs werden aktiv ausgenutzt. Angreifer können damit Schadcode ausführen. (<a href="https://www.golem.de/specials/sicherheitsluecke/">Sicherheitslücke</a>, <a href="https://www.golem.de/specials/treiber/">Treiber</a>) <img alt="" height="1" src="https://cpx.golem.de/cpx.php?class=17&aid=196774&page=1&ts=1748938152" width="1" />
Published: 2025-06-03T10:09:16+02:00

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html