Qualcomm has addressed a series of security vulnerabilities identified in its products, including three that are classified as zero-day vulnerabilities. The US-based semiconductor manufacturer recently indicated that these flaws could have been exploited by cybercriminals to target specific devices. Users will need to rely on their device manufacturers to implement Qualcomm’s patches for the vulnerabilities affecting the Adreno graphics processing unit (GPU) driver. Notably, Google Pixel devices utilizing the company’s own Tensor chips appear to be immune to these security issues.
Qualcomm Warns of Potential Exploitation of Zero-Day Vulnerabilities
A security bulletin released on Monday disclosed that Qualcomm has patched 10 proprietary software vulnerabilities. Among these, two have been assigned a ‘Critical’ security classification, with the remainder categorized as ‘High’. The vulnerabilities pertain to various areas, including graphics, core functions, the data network stack, connectivity, Wi-Fi hardware abstraction layer (HAL), and Bluetooth host interfaces.
Of the ten security vulnerabilities that Qualcomm has addressed, three zero-day flaws—previously unknown and potentially exploited by hackers—have been highlighted. These vulnerabilities include CVE-2025-21479 (Incorrect authorization in graphics), CVE-2025-21480 (Incorrect authorization in graphics windows), and CVE-2025-27038 (Use after free in graphics).
The nature of these vulnerabilities suggests that they could allow hackers to gain unauthorized access to a smartphone. Chipmakers like Qualcomm routinely discover and fix such issues, as they possess access to the proprietary code of their chipsets.
Qualcomm has acknowledged the assistance of Google’s Threat Analysis Group (TAG) in uncovering and reporting these vulnerabilities, which led to the recent fixes. A Google representative informed TechCrunch that these security flaws do not impact the company’s Pixel phones, which utilize in-house Tensor chips.
Even though Qualcomm has made the necessary patches available, users will have to wait for software updates from their device manufacturers to implement these fixes. The chipmaker has reportedly provided these patches to original equipment manufacturers (OEMs) as early as May and has encouraged them to issue security updates to users “as soon as possible”. Consequently, users may experience delays of several weeks before receiving an update for their devices.
