CVE-2025-21479

HIGH KEV

Qualcomm AQT1000 and FastConnect Firmware - Memory Corruption via Unauthorized GPU Micronode Command Execution

Exploitation Summary

CVE-2025-21479 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added June 3, 2025. EIP tracks 2 public exploits from researchers including zhuowei and sarabpal-dev.

Description

Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

Exploits (2)

nomisec WORKING POC 200 stars
by zhuowei · local
https://github.com/zhuowei/cheese

This repository contains a root exploit for the Quest 3/3S devices leveraging CVE-2025-21479, a vulnerability in the Adreno GPU (A7xx series). The exploit manipulates the IB (Instruction Buffer) level to bypass security checks and achieve privilege escalation.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Qualcomm Adreno GPU (A7xx series) on Quest 3/3S devices
No auth needed
Prerequisites: Device running vulnerable firmware (Quest 3/3S with firmware versions before August 7, 2025)
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 17 stars
by sarabpal-dev · local
https://github.com/sarabpal-dev/cheese-cake

This repository contains a proof-of-concept exploit for CVE-2025-21479, targeting a vulnerability in Qualcomm Adreno GPU drivers. The exploit leverages GPU memory manipulation to achieve arbitrary read/write primitives in kernel memory, likely for local privilege escalation (LPE).

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Qualcomm Adreno GPU driver (specific version not explicitly stated)
No auth needed
Prerequisites: Access to a vulnerable Qualcomm Adreno GPU device · Kernel memory layout knowledge (e.g., kallsyms)
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 8.6
EPSS 0.0015
EPSS Percentile 35.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2025-06-03
VulnCheck KEV 2025-06-02
ENISA EUVD EUVD-2025-16710
CWE CWE-863
Status published
Products (50)
qualcomm/aqt1000_firmware
qualcomm/fastconnect_6200_firmware
qualcomm/fastconnect_6700_firmware
qualcomm/fastconnect_6800_firmware
qualcomm/fastconnect_6900_firmware
qualcomm/fastconnect_7800_firmware
qualcomm/qca6391_firmware
qualcomm/qcm4490_firmware
qualcomm/qcs4490_firmware
qualcomm/sd855_firmware
... and 40 more
Published Jun 03, 2025
KEV Added Jun 03, 2025
Tracked Since Feb 18, 2026