CVE-2025-13952

EPSS 0.02%
Veröffentlicht 24.01.2026 02:26:49
Zuletzt bearbeitet 28.01.2026 18:33:18
Quelle 367425dc-4d06-4041-9650-c2dc6a
CVE-Watchlists
Login
Unerledigt
Login

A web page that contains unusual GPU shader code is loaded from the Internet into the GPU compiler process triggers a write use-after-free crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device.

The shader code contained in the web page executes a path in the compiler that held onto an out of date pointer, pointing to a freed memory object.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Imaginationtech ≫ Ddk Version < 25.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.042

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://www.imaginationtech.com/gpu-driver-vulnerabilities/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-13952

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-13952

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-13952

EUVD