Cellular chipmaker Qualcomm on Monday warned that skilled hackers are already exploiting three newly patched Adreno GPU bugs and the corporate is urgent cellphone makers to push out there fixes immediately.
The corporate didn’t present particulars on the assaults however cited “indications from Google Menace Evaluation Group” {that a} trio of flaws (CVE-2025-21479, CVE-2025-21480 and CVE-2025-27038) “could also be underneath restricted, focused exploitation.”
The corporate didn’t share any further particulars on the in-the-wild assaults. Google has not but publicly documented these exploits. The usage of the “restricted, focused exploitation” phrase suggests the exploits could also be linked to industrial spyware and adware merchandise.
In response to Qualcomm’s June 2025 safety bulletin, patches for these vulnerabilities had been shipped to OEMs and cellphone producers in Might and the chipmaker is strongly urging cellphone producers to push updates “as quickly as potential.”
“Please contact your machine producer for extra info on the patch standing about particular units,” Qualcomm mentioned.
Two of the three flaws are rated “vital” and are described as improper authorization within the GPU micronode that permits rogue instructions to deprave reminiscence. The vital bugs carry a CVSS safety rating of 8.6/10.
The third exploited vulnerability is a use-after-free within the Adreno driver that may be triggered from Chrome. This flaw is marked with a CVSS severity rating of seven.5/10.
The exploited flaws headline an enormous patch bundle from Qualcomm that covers a number of “high-severity” affected the information community stack, WLAN HAL denial-of-service and a Bluetooth host reminiscence corruption subject.Commercial. Scroll to proceed studying.
Qualcomm additionally shipped patches for safety bugs in DSP providers, audio, computer-vision and digicam drivers.
Associated: Vulnerabilities Patched in Qualcomm, Mediatek Chipsets
Associated: Qualcomm Alerted to Zero-Day Exploited in Focused Assaults
Associated: Federal Companies Pushed to Patch Exploited Qualcomm Flaws
Associated: Qualcomm Patches 3 Zero-Days Reported by Google
