Qualcomm has shipped security updates to address three zero-day vulnerabilities that it said have been exploited in limited, targeted attacks in the wild.
The flaws in question, which were responsibly disclosed by the Google Android Security team, are listed below:
- CVE-2025-21479 and CVE-2025-21480 (CVSS score: 8.6) – Two incorrect authorization vulnerabilities in the Graphics component that can lead to memory corruption
- CVE-2025-27038 (CVSS score: 7.5) – A use-after-free vulnerability in the Graphics component that can lead to memory corruption while rendering graphics using Adreno GPU drivers in Chrome
“There are indications from the Google Threat Analysis Group that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 may be under limited, targeted exploitation,” Qualcomm noted in an advisory.
“Patches for the issues affecting the Adreno Graphics Processing Unit (GPU) driver were made available to manufacturers in May together with a strong recommendation to deploy the update on affected devices as soon as possible.”
There are currently no details on how the vulnerabilities are being exploited, in what context, or by whom. That said, similar shortcomings in Qualcomm chips (CVE-2023-33063, CVE-2023-33106 and CVE-2023-33107) have been weaponized in the past by commercial spyware vendors like Variston and Cy4Gate.
Last December, Amnesty International revealed that another Qualcomm security flaw (CVE-2024-43047) was used by the Serbian Security Information Agency (BIA) and the Serbian police to unlock seized Android devices belonging to activists, journalists and protesters, using Cellebrite's data extraction software to obtain elevated access and deploy an Android spyware called NoviSpy.