Microsoft Patches SharePoint RCE Flaw Enabling RCE Attacks
Microsoft SharePoint Remote Code Execution Vulnerability CVE-2026-45659 Patches Rolled out
Continue ReadingPatches
Critical 0-Day Vulnerabilities in Qualcomm Adreno GPU Drivers Actively Exploited
Summary
| OEM | Qualcomm |
| Severity | HIGH |
| CVSS Score | 8.6 |
| CVEs | CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 |
| Actively Exploited | Yes |
| Exploited in Wild | Yes |
| Advisory Version | 1.0 |
Overview
Three actively exploited zero-day vulnerabilities in Qualcomm’s Adreno GPU drivers (CVE-2025-21479, CVE-2025-21480, CVE-2025-27038) have been disclosed and patched.
These flaws impact billions of Android devices across vendors such as Samsung, Google, Xiaomi, and OnePlus. Qualcomm released patches to OEMs in May 2025, urging immediate integration to mitigate severe memory corruption and code execution threats.
| Vulnerability Name | CVE ID | Product Affected | CVSS Score | Severity |
| Incorrect Authorization Vulnerability | CVE-2025-21479 | Qualcomm Adreno GPU Driver | 8.6 | High |
| Incorrect Authorization Vulnerability | CVE-2025-21480 | Qualcomm Adreno GPU Driver | 8.6 | High |
| Use-After-Free Vulnerability | CVE-2025-27038 | Qualcomm Adreno GPU Driver | 7.5 | High |
Technical Summary
These vulnerabilities reside within Qualcomm’s Adreno GPU driver, specifically in the Graphics component. The flaws allow attackers to corrupt memory, escalate privileges or execute arbitrary code. Two issues (CVE-2025-21479, CVE-2025-21480) result from incorrect authorization mechanisms in GPU microcode and the third (CVE-2025-27038) is a use-after-free flaw that can be exploited via malicious content rendered through Chrome.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-21479 | Android (Adreno GPU) | Unauthorized command execution during specific GPU microcode sequences causes memory corruption. | Privilege escalation, system compromise. |
| CVE-2025-21480 | Android (Adreno GPU) | Similar unauthorized GPU command flaw allowing memory corruption via improper authorization checks. | Memory corruption, remote code execution. |
| CVE-2025-27038 | Android (Chrome/Adreno) | Use-after-free condition in graphics rendering pipeline (via Chrome) allows attacker control over freed memory space. | Arbitrary code execution. |
Recommendations:
- Apply OEM Patches Immediately: Qualcomm released fixes in May 2025 to all OEMs; users should install the latest firmware updates from their device manufacturers.
- Check for Updates: Go to Settings → System → Software Update and apply the latest security patches as soon as available.
- Apply Security Updates: Users should ensure their Android devices receive the latest security updates.
- Monitor Manufacturer Communications: Stay informed about patch availability specific to your device model via official OEM channels.
Conclusion:
These zero-day vulnerabilities in Qualcomm’s Adreno GPU drivers highlight ongoing security risks in mobile hardware components.
Exploited in limited, targeted attacks potentially by spyware vendors or state-sponsored actors these flaws pose significant threats to Android devices worldwide.
In response to confirmed exploitation, CISA has added all three CVEs (CVE-2025-21479, CVE-2025-21480, CVE-2025-27038) to its Known Exploited Vulnerabilities (KEV) catalog, mandating swift action for federal systems.
Timely patching by OEMs and proactive updates by users are critical to mitigating these risks and preventing further exploitation.
References:
GitLab Releases Patch to Fix Critical and High-Severity Vulnerabilities
GitLab releases fixes for vulnerabilities in patch releases. There are two types of patch releases: scheduled releases, and ad-hoc critical patches for high-severity vulnerabilities.
Summary
| OEM | Gitlab |
| Severity | High |
| CVEs | CVE-2024-5655, CVE-2024-6385, CVE-2024-6678, CVE-2024-8970, CVE-2025-0194, CVE-2024-6324, CVE-2024-12431, CVE-2024-13041 |
| Exploited in Wild | No |
| Patch/Remediation Available | Yes |
| Advisory Version | 1.0 |
Overview
The vulnerabilities could potentially impact unauthorized access, data manipulation, and service disruption. These have been disclosed through GitLab’s HackerOne bug bounty program. Latest Versions 17.7.1, 17.6.3, and 17.5.5 are now available for immediate download and upgrade to address these issues.
| Vulnerability Name | CVE ID | Product Affected | Severity |
| Import Functionality Vulnerabilities | CVE-2024-6385 | GitLab CE/EE | Critical |
| Import Functionality Vulnerabilities | CVE-2024-5655 | GitLab CE/EE | High |
| Import Functionality Vulnerabilities | CVE-2024-6678 | GitLab CE/EE | High |
| Import Functionality Vulnerabilities | CVE-2024-8970 | GitLab CE/EE | High |
| Access Token Exposure in Logs | CVE-2025-0194 | GitLab CE/EE | Medium |
| Cyclic Reference of Epics Leading to DoS | CVE-2024-6324 | GitLab CE/EE | Medium |
| Unauthorized Manipulation of Issue Status | CVE-2024-12431 | GitLab CE/EE | Medium |
| Instance SAML Bypass | CVE-2024-13041 | GitLab CE/EE | Medium |
Technical Summary
This update addresses several significant vulnerabilities identified in GitLab CE/EE:
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2024-6385 | GitLab CE/EE | Vulnerability in import functionality allowing potential exploitation | Allows attackers to exploit the system. |
| CVE-2024-5655 | |||
| CVE-2024-6678 | |||
| CVE-2024-8970 | |||
| CVE-2025-0194 | GitLab CE/EE | Possible exposure of access tokens in logs under certain conditions. | Potential unauthorized access to sensitive resources. |
| CVE-2024-6324 | GitLab CE/EE | Cyclic references between epics could lead to resource exhaustion, causing a Denial of Service (DoS). | Service disruption due to resource exhaustion. |
| CVE-2024-12431 | GitLab CE/EE | Unauthorized users could manipulate issue statuses in public projects, potentially disrupting workflows. | Workflow disruption and compromised data integrity. |
| CVE-2024-13041 | GitLab CE/EE | Flaw in instance SAML configuration allowing bypass of external provider settings. | Unauthorized access to internal projects or groups. |
Key Changes to Import Functionality:
- Post-import mapping: This new feature allows administrators to assign imported contributions and memberships to users after the import process is complete, enhancing control and security.
- Email-independent mapping: The updated mapping process no longer relies on email addresses, providing greater flexibility and security when importing from instances with different email domains.
- User control: Users on the destination instance now have the power to accept or reject assigned contributions, adding another layer of security and preventing unauthorized access.
Remediation:
- Upgrade GitLab Instances: All users are strongly advised to upgrade to versions 17.7.1, 17.6.3, or 17.5.5 immediately to mitigate these vulnerabilities.
- Disable Importers Temporarily: Until upgrades are complete, disable importers to avoid exploitation. If import functionality is essential, enable it only during the import process and disable it afterward.
- Adopt Updated Features: Leverage the new post-import mapping, email-independent mapping, and user control enhancements for increased security.
Conclusion:
The vulnerabilities addressed in this patch release highlight the importance of timely updates and proactive security measures. GitLab’s redesign of its import functionality and the prompt patch release demonstrate a commitment to user security. Upgrading to the latest patched versions and adhering to the recommended actions is critical to maintaining a secure environment.
References:
Image