Wireless tech maker Qualcomm has patched three zero-day security flaws that it says may have already been exploited in the wild. In a security bulletin published Monday, the company revealed that the issues affect a driver for the Adreno Graphics Processing Unit, which is found in devices powered by its Snapdragon processors.
“There are indications from Google Threat Analysis Group that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 may be under limited, targeted exploitation,” Qualcomm said in the advisory. “Patches for the issues affecting the Adreno Graphics Processing Unit (GPU) driver have been made available to OEMs in May, together with a strong recommendation to deploy the update on affected devices as soon as possible. Please contact your device manufacturer for more information on the patch status about specific devices.”
Qualcomm makes the processors, chipsets, modems, and other tech that go into smartphones, laptops, and other consumer gear. This means that patching its own components is only half the battle. Device makers must also apply patches to their products, a process over which consumers have little or no control.
Attributing the discovery to researchers at Google Threat Analysis Group, Qualcomm cited the three security flaws via their CVE numbers. CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038 all point to a memory corruption issue through which hackers can run unauthorized and malicious commands. The third issue focuses on memory corruption while rendering graphics using the Adreno GPU drivers in Chrome.
Qualcomm acknowledges that all three flaws may already have been exploited, albeit in a limited, targeted way. The first two have a critical severity rating of 8.6 out of 10, while the third one is rated a high 7.5. In its bulletin, the company also notes the chipsets affected by each vulnerability. Since Android device makers, in particular, are notoriously slow at updating their products, we’re not out of the woods on this one just yet.