Imagination Graphics DDK up to 25.1 RTM2 System Call use after free
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.5 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as critical, has been found in Imagination Graphics DDK up to 25.1 RTM2. The affected element is an unknown function of the component System Call Handler. Performing a manipulation results in use after free. This vulnerability is identified as CVE-2025-25177. The attack is only possible with local access. There is not any exploit available. It is advisable to upgrade the affected component.
Details
A vulnerability was found in Imagination Graphics DDK up to 25.1 RTM2. It has been classified as critical. This affects an unknown functionality of the component System Call Handler. The manipulation with an unknown input leads to a use after free vulnerability. CWE is classifying the issue as CWE-416. Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
The advisory is shared at imaginationtech.com. This vulnerability is uniquely identified as CVE-2025-25177 since 02/03/2025. The exploitability is told to be easy. An attack has to be approached locally. Neither technical details nor an exploit are publicly available.
Upgrading to version 23.3 RTM or 25.2 RTM eliminates this vulnerability.
The vulnerability is also documented in the vulnerability database at CERT Bund (WID-SEC-2025-2711). If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Affected
- Lenovo BIOS
- Lenovo Computer
- Google Android
Product
Vendor
Name
Version
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔒VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.8VulDB Meta Temp Score: 7.5
VulDB Base Score: 7.8
VulDB Temp Score: 7.5
VulDB Vector: 🔒
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploiting
Class: Use after freeCWE: CWE-416 / CWE-119
CAPEC: 🔒
ATT&CK: 🔒
Physical: Partially
Local: Yes
Remote: No
Availability: 🔒
Status: Not defined
EPSS Score: 🔒
EPSS Percentile: 🔒
Price Prediction: 🔍
Current Price Estimation: 🔒
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔒
Upgrade: Graphics DDK 23.3 RTM/25.2 RTM
Timeline
02/03/2025 CVE reserved09/22/2025 Advisory disclosed
09/22/2025 VulDB entry created
12/19/2025 VulDB entry last update
Sources
Advisory: imaginationtech.comStatus: Confirmed
CVE: CVE-2025-25177 (🔒)
GCVE (CVE): GCVE-0-2025-25177
GCVE (VulDB): GCVE-100-325221
CERT Bund: WID-SEC-2025-2711 - Android Patchday Dezember 2025: Mehrere Schwachstellen
Entry
Created: 09/22/2025 15:33Updated: 12/19/2025 02:02
Changes: 09/22/2025 15:33 (55), 12/19/2025 02:02 (7)
Complete: 🔍
Cache ID: 216::103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.