Huge Qualcomm Security Scare: 3 Zero-Day Android Vulnerabilities Threaten Millions—Is Your Device Safe?
Millions of Android devices are at risk from newly patched Qualcomm GPU zero-day flaws. Here’s what users and OEMs must do right now to stay secure.
- 3 critical Adreno GPU zero-day exploits patched
- 8.6/10 highest severity score for flawed components
- Jan 2025 first signs of active exploitation
- Millions of flagship and budget Android phones affected
Qualcomm has sounded the alarm for Android users: Three previously unknown zero-day vulnerabilities in its Adreno GPU have put millions of devices at risk since early 2025.
With cybercriminals already taking advantage of these flaws, device owners need to take immediate action—even as details on targeted attacks remain tightly guarded. The official Qualcomm and Android bulletins stress just how urgent these security gaps are.
What Are These Zero-Day Qualcomm Flaws?
Qualcomm’s June 2025 Android Security Bulletin highlights three vulnerabilities, tracked as CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038. The first two are high-severity authorization bugs buried in the GPU’s graphics component, each scoring a worrying 8.6 out of 10.
Both could allow attackers to trigger memory corruption—opening the door to device takeover and deep system compromise. The third flaw, CVE-2025-27038, scores a still-dangerous 7.5/10 and involves a classic “use-after-free” bug, also leading to memory corruption.
How Widespread Is the Threat?
The risks span much of the Android universe. Devices powered by Qualcomm’s Snapdragon 8 Gen 2 and Gen 3 chips are in the front line, but popular and budget models—think Snapdragon 695, 778G, and 4 Gen 1/2—aren’t spared.
Major manufacturers like Samsung, OnePlus, Xiaomi, and Google must now roll out critical firmware updates to patch vulnerable handsets. As millions await these lifesaving upgrades, attackers could continue seeking fresh victims.
Were These Flaws Already Exploited?
According to the Google Threat Analysis Group, there are strong indications that all three vulnerabilities were being used in targeted attacks as early as January 2025. While specifics about who the hackers are—or their targets—haven’t been revealed, past incidents make the risk crystal clear.
Related exploits were weaponized in high-profile spyware campaigns, including those orchestrated by notorious surveillance outfits. In late 2024, a separate Qualcomm vulnerability was confirmed to help Serbian authorities unlock Android phones seized from journalists and activists.
Learn more about the global security landscape at Kaspersky and cybersecurity best practices on The Hacker News.
What Should Android Users Do Now?
Your best defense is quick action:
– Check for system updates immediately in your device settings.
– Install any new firmware or security patches without delay.
– Stay vigilant for unusual device behavior or app requests.
If your model hasn’t received a fix yet, keep auto-updates enabled and consider limiting sensitive activity until patches arrive. Visit Android.com for official updates and advice.
Q&A: Qualcomm Zero-Day Panic—Your Questions Answered
Which devices are at greatest risk?
Any Android device leveraging Adreno GPUs, especially those using flagship and midrange Snapdragon chips released in the past three years.
How do I check if my phone is affected?
Search your device specifications for “Snapdragon” and check the June 2025 Android Security Bulletin. Most major Android phones since 2023 could be vulnerable.
Can attackers steal my data through these flaws?
Yes, these vulnerabilities can facilitate memory corruption and unauthorized access, potentially exposing private messages, photos, or even enabling total device control.
How can I protect myself if no patch is available yet?
Avoid sideloading apps, use strong credentials, and monitor trusted sources for manufacturer updates. Limit sensitive actions until your device has the latest patch.
How To Safeguard Your Android From Exploited Qualcomm Flaws
1. Open Settings > System > System Update on your phone.
2. Download and install any available updates from your device maker.
3. Turn on automatic security updates for future patches.
4. Check official channels—like your OEM’s support page—for urgent bulletins.
Stay Secure: Don’t delay your next update! Android zero-days are spiking in 2025—act now to protect your data, privacy, and device.
Quick Protection Checklist
– [ ] Check for and apply security updates
– [ ] Follow manufacturer announcements
– [ ] Enable automatic updates
– [ ] Be wary of unusual app or phone behavior
– [ ] Share this warning with friends and family
References
