Qualcomm has patched multiple security flaws discovered in its products, including three zero-day vulnerabilities. The US chipmaker recently announced that these flaws might have been exploited by hackers to target affected devices. Users will have to wait for device manufacturers to roll out Qualcomm’s patches for the vulnerabilities that impact the Adreno graphics processing unit (GPU) driver on affected devices. Google Pixel devices that are equipped with the company’s own Tensor chips, are reportedly unaffected by the security flaws.
Qualcomm Says Hackers May Have Exploited Zero-Day Flaws
A security bulletin published on Monday reveals that Qualcomm has patched 10 proprietary software issues. The company has assigned two of these flaws a ‘Critical’ security rating, while the others are marked as ‘High’. These issues are linked to graphics, core, the data network stack and connectivity, Wi-Fi hardware abstraction layer (HAL), and the Bluetooth host.
Out of the 10 security vulnerabilities patched by Qualcomm, the chipmaker has revealed that three zero-days (previously unknown flaws) may have been exploited by hackers in a targeted campaign. These are CVE-2025-21479 (Incorrect authorisation in graphics), CVE-2025-21480 (Incorrect authorisation in graphics windows), CVE-2025-27038 (Use after free in graphics).
The descriptions of these security flaws suggest that hackers could leverage them to gain unauthorised access to a target’s smartphone. These flaws are regularly discovered and patched by chipmakers, who have access to the proprietary code for their chipsets.
Qualcomm has credited Google’s Threat Analysis Group (TAG) with discovering and reporting these flaws, which were subsequently patched. A Google spokesperson told TechCrunch that these security flaws do not affect the company’s Pixel phones, which run on in-house Tensor chips.
While the security flaws have been patched by Qualcomm, they still need to be rolled out to user’s devices via software updates. The chipmaker says it shared these patches with OEMs in May and urged them to issue security updates for devices “as soon as possible”. As a result, users will have to wait until a software update is ready for their devices, and this process could take weeks.
