CVE DATABASE / CVE-2025-21480
CVE-2025-21480
Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability
CVSS 8.6 · HIGH
⚠ CISA KEV — ACTIVELY EXPLOITED
On the CISA KEV catalog
Confirmed exploited in the wild. Added 2025-06-03.
Federal remediation due 2025-06-24.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Summary
Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
CVSS 3.1 breakdown
| Base score | 8.6 (HIGH) |
| Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
| Attack vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | REQUIRED |
| Scope | CHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
Qualcomm aqt1000 firmwareQualcomm aqt1000Qualcomm fastconnect 6200 firmwareQualcomm fastconnect 6200Qualcomm fastconnect 6700 firmwareQualcomm fastconnect 6700Qualcomm fastconnect 6800 firmwareQualcomm fastconnect 6800Qualcomm fastconnect 6900 firmwareQualcomm fastconnect 6900Qualcomm fastconnect 7800 firmwareQualcomm fastconnect 7800Qualcomm qca6391 firmwareQualcomm qca6391Qualcomm qcm4490 firmwareQualcomm qcm4490Qualcomm qcs4490 firmwareQualcomm qcs4490Qualcomm sc8380xp firmwareQualcomm sc8380xp
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-21480
Data: NIST NVD + CISA KEV. NVD last modified 2025-10-28. Always verify against the vendor advisory before acting.