{"id":"CVE-2025-58407","details":"Kernel or driver software installed on a Guest VM may post improper commands to the GPU Firmware to exploit a TOCTOU race condition and trigger a read and/or write of data outside the allotted memory escaping the virtual machine.","aliases":["A-449121737","ASB-A-449121737"],"modified":"2026-03-13T03:37:20.624494Z","published":"2025-11-17T18:15:57.880Z","references":[{"type":"ADVISORY","url":"https://www.imaginationtech.com/gpu-driver-vulnerabilities/"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-58407.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"25.2-rtm"}]}]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}]}