Critical

Information disclosure in Imagination PowerVR trusted execution environment isolation

IdentifiersCVE-2025-6573CWE-200

CVE-2025-6573 is a high-severity vulnerability affecting Imagination PowerVR GPU-related software referenced in the December 2025 Android Security Bulletin. The available description states that kernel software installed and running inside an untrusted or rich execution environment (REE) could leak information from the trusted execution environment (TEE). Based on the provided information, the flaw is an information disclosure issue involving a breakdown of isolation between the normal-world kernel/REE and the TEE, allowing data from the trusted environment to be exposed. No vulnerable function, code path, or more specific root-cause details are provided in the supplied content.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation could allow disclosure of sensitive information resident in or processed by the trusted execution environment. Depending on implementation and what data is present in the TEE, this could expose protected secrets, trusted application data, or other security-sensitive material that is expected to remain isolated from the normal-world kernel and REE. The provided content does not state that code execution or privilege escalation in the TEE is possible; the documented impact is information leakage across the REE/TEE trust boundary.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, reduce exposure by prioritizing vendor/OEM firmware updates for affected devices, limiting use of untrusted or unnecessary kernel modules/drivers in the REE where feasible, and restricting deployment of affected devices in high-sensitivity environments until the vendor fix is applied. For managed fleets, track both Android patch level and vendor-specific update status, since vendor integration lag can leave devices exposed even when the platform patch level appears current. No specific workaround beyond applying the vendor fix is provided in the supplied content.

Remediation

Patch, then assume compromise.

Apply the December 2025 Android security updates that include the relevant Imagination PowerVR fixes, preferably at Android security patch level 2025-12-05 or later, as the bulletin states that devices at 2025-12-05 or later are protected against all issues covered in that month’s bulletin. Because this issue affects a vendor component, remediation may also require OEM and chipset-vendor integrated firmware/driver updates in addition to the base Android patch level.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

ACTIVITY FEED

Recent activity

5 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

5 SOURCESView more in app

socradar blogNews

Dec 2, 2025

December 2025 Android Security Bulletin: Two Zero-Day Flaws Exploited

High-severity vulnerability impacting Imagination PowerVR GPU components (GPU driver class issues such as memory corruption/information disclosure/local privilege escalation are mentioned generally).

cyberthroneNews

Dec 2, 2025

Android Patch Update December 2025

Imagination PowerVR GPU vulnerability fixed via vendor updates; may enable data leakage or execution paths via malicious GPU workloads.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity3