CVE-2025-21480
HIGH KEVQualcomm AQT1000 and FastConnect Firmware - Memory Corruption via Unauthorized GPU Micronode Command Execution
Title source: llmExploitation Summary
CVE-2025-21480 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added June 3, 2025.
Description
Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
References (2)
Core 2
Core References
Vendor Advisory
https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-21480
Scores
CVSS v3
8.6
EPSS
0.0200
EPSS Percentile
84.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2025-06-03
VulnCheck KEV
2025-06-02
ENISA EUVD
EUVD-2025-16705
CWE
CWE-863
Status
published
Products (50)
qualcomm/aqt1000_firmware
qualcomm/fastconnect_6200_firmware
qualcomm/fastconnect_6700_firmware
qualcomm/fastconnect_6800_firmware
qualcomm/fastconnect_6900_firmware
qualcomm/fastconnect_7800_firmware
qualcomm/qca6391_firmware
qualcomm/qcm4490_firmware
qualcomm/qcs4490_firmware
qualcomm/sc8380xp_firmware
... and 40 more
Published
Jun 03, 2025
KEV Added
Jun 03, 2025
Tracked Since
Feb 18, 2026