Qualcomm Quirks: CISA’s Latest Chipset Snafus Spark Security Scramble
CISA adds Qualcomm chipset flaws to its catalog, prompting the need for quick patching. With vulnerabilities that could lead to memory corruption, it’s a race against time for agencies to secure their devices. Qualcomm’s zero days are as undesirable as finding a hair in your soup, but with higher stakes.
Hot Take:
Qualcomm’s chipset flaws are the new “chip” off the old block for hackers! It looks like the tech giants need to put their chips back in the bag and focus on patching those vulnerabilities. Qualcomm’s latest vulnerabilities have made it to CISA’s KEV catalog, and it’s not exactly on their list of proud accomplishments. It’s a bad day to be a microprocessor, but a great day for hackers who now have their eyes on these tasty chips!
Key Points:
- Qualcomm chipsets have three new vulnerabilities added to CISA’s Known Exploited Vulnerabilities (KEV) catalog.
- The vulnerabilities have CVE identifiers: CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038.
- The issues are related to incorrect authorization and use-after-free vulnerabilities in the Adreno GPU.
- Google’s Android Security team reported these flaws after detecting limited, targeted exploitation.
- CISA mandates federal agencies to patch these vulnerabilities by June 24, 2025.
Already a member? Log in here