CVE-2025-13952
CRITICALImaginationTech DDK < 25.3 - Use-After-Free in GPU Shader Compiler
Title source: llmDescription
A web page that contains unusual GPU shader code is loaded from the Internet into the GPU compiler process triggers a write use-after-free crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device. The shader code contained in the web page executes a path in the compiler that held onto an out of date pointer, pointing to a freed memory object.
References (1)
Core 1
Core References
Vendor Advisory
https://www.imaginationtech.com/gpu-driver-vulnerabilities/
Scores
CVSS v3
9.8
EPSS
0.0042
EPSS Percentile
33.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-416
Status
published
Products (1)
imaginationtech/ddk
< 25.3
Published
Jan 24, 2026
Tracked Since
Feb 18, 2026