Qualcomm Adreno GPU Zero-Days Target Android Devices

Qualcomm disclosed three critical Adreno GPU driver vulnerabilities—CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038—that are actively exploited in limited, targeted attacks. Any Android device using a vulnerable Adreno-equipped Snapdragon chipset and unpatched firmware may be at risk of local privilege escalation. A malicious app that gains local access can exploit these flaws to achieve kernel-level code execution via GPU memory corruption.

Vulnerability Summary

CVE	Description	CVSS Score
CVE-2025-21479	Incorrect authorization in Adreno GPU microcode allowing out-of-bounds memory access	8.6
CVE-2025-21480	GPU microcode permission check bypass leading to memory corruption	8.6
CVE-2025-27038	Use-after-free in Adreno GPU driver during Chrome rendering, enabling memory corruption	7.5

Click on the CVE Identifiers in the table to reach our annotated CVE reports. We scrape all resources associated with a CVE for technical details. In the CVE report you can read our Q & A section or ask our A.I. Assistant questions regarding mitigation steps.

How to Check If Your Device Is Vulnerable

Open Settings → About phone → Software information and note your Android version and Security patch level.
Visit Qualcomm’s June 2025 Security Bulletin (link) and confirm whether your chipset model and GPU driver version appear under the three CVEs.
If you own a Google Pixel device, navigate to Settings → Security → Security update and verify that the June 2025 patch (or later) is installed.
For other OEM devices (Samsung, OnePlus, Xiaomi, etc.), check the manufacturer’s support site or community forums for the June 2025 or newer firmware that includes patched Adreno drivers. If no update is yet available, assume vulnerability.

Mitigation Steps

Install the latest system update: As soon as your phone’s manufacturer releases June 2025 or newer patches, install them immediately. These updates include fixed Adreno GPU drivers that address CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038.
Avoid sideloading untrusted apps: Until your device is patched, do not install APKs from unknown sources. This prevents a malicious app from gaining the needed foothold to trigger GPU exploits.
Enable Google Play Protect: Ensure Play Protect is active to help detect and block harmful apps that might attempt to exploit GPU flaws.
Use a reputable mobile-security solution: Many Mobile Threat Defense (MTD) products can flag abnormal GPU or kernel-level behavior consistent with exploit activity. Configure these tools to monitor for suspicious processes.
Monitor for OEM announcements: If an update isn’t yet available for your brand, check official support channels regularly until the patched build is released.

Why This Matters

Adreno GPUs power graphics rendering on most Snapdragon-based Android devices. Exploitation of these flaws allows a local attacker—typically via a malicious app—to bypass Android’s sandbox, escalate privileges to kernel level, and potentially install persistent malware. Although remote exploitation requires chaining with another vulnerability (e.g., a browser flaw), real-world usage against high-value targets has already been observed. Devices without the June 2025 patches remain vulnerable to privilege escalation and data theft.

How BaseFortify Can Help

Real-time vulnerability alerts: We track emerging mobile zero-days, including GPU issues. When Qualcomm or Android patches go live, we notify you immediately.
Concise remediation guidance: For each new GPU or chipset advisory, we provide clear instructions on which OEM builds or Google patches correct the issue.
OEM patch-status dashboard: Quickly see which devices in your organization are up to date and which remain unpatched.