Qualcomm Addresses Critical Zero-Day Vulnerabilities in Mobile Chips
Qualcomm has released crucial security patches addressing three zero-day vulnerabilities affecting numerous mobile chips. These vulnerabilities, identified as CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038, were reported to Qualcomm by Google's Android security team in February 2025. Google's Threat Analysis Group (TAG) indicated these flaws may be under limited, targeted exploitation.
Zero-day vulnerabilities are security flaws that are unknown to the manufacturer at the time of discovery, so no fix exists when they are first found. This makes them highly valuable to cybercriminals and state-sponsored hackers. Qualcomm strongly recommends that device manufacturers implement the patches immediately.
Patches Released, Android Updates Needed
Qualcomm made the patches available to device manufacturers in May 2025. Due to the fragmented nature of Android updates, individual device manufacturers are responsible for deploying these patches to their users. This means some devices may remain vulnerable for several weeks despite the availability of fixes.
Google has confirmed that its Pixel devices are not affected by these Qualcomm vulnerabilities.
Mobile Chipsets: A Prime Target for Hackers
Chipsets in mobile devices are frequently targeted by hackers because the chipsets have extensive access to the operating system. Exploiting chip vulnerabilities can allow attackers to access sensitive data stored on the device. Recent incidents, including a Qualcomm zero-day exploit used by Serbian authorities last year, highlight the ongoing threat.
Qualcomm has not yet commented on the specifics of these vulnerabilities or the circumstances surrounding their discovery. Google's TAG also declined to provide further details.
Users are encouraged to check with their device manufacturers for updates and install them as soon as they become available.