Search criteria
2224 vulnerabilities
CVE-2025-68959 (GCVE-0-2025-68959)
Vulnerability from cvelistv5 – Published: 2026-01-14 02:38 – Updated: 2026-01-14 14:20
VLAI?
Summary
Permission verification bypass vulnerability in the media library module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity ?
6.2 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68959",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T14:20:18.947978Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T14:20:26.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "4.3.1"
},
{
"status": "affected",
"version": "4.3.0"
},
{
"status": "affected",
"version": "4.2.0"
},
{
"status": "affected",
"version": "4.0.0"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.0.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EMUI",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "15.0.0"
},
{
"status": "affected",
"version": "14.2.0"
},
{
"status": "affected",
"version": "14.0.0"
},
{
"status": "affected",
"version": "13.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Permission verification bypass vulnerability in the media library module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"value": "Permission verification bypass vulnerability in the media library module.\nImpact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T02:38:54.819Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/1//"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/1/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinvision/2026/1/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-68959",
"datePublished": "2026-01-14T02:38:54.819Z",
"dateReserved": "2025-12-27T09:06:51.411Z",
"dateUpdated": "2026-01-14T14:20:26.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68970 (GCVE-0-2025-68970)
Vulnerability from cvelistv5 – Published: 2026-01-14 02:35 – Updated: 2026-01-14 14:21
VLAI?
Summary
Permission verification bypass vulnerability in the media library module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity ?
6.1 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68970",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T14:21:10.787802Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T14:21:19.750Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "4.3.1"
},
{
"status": "affected",
"version": "4.3.0"
},
{
"status": "affected",
"version": "4.2.0"
},
{
"status": "affected",
"version": "4.0.0"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.0.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EMUI",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "15.0.0"
},
{
"status": "affected",
"version": "14.2.0"
},
{
"status": "affected",
"version": "14.0.0"
},
{
"status": "affected",
"version": "13.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Permission verification bypass vulnerability in the media library module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"value": "Permission verification bypass vulnerability in the media library module.\nImpact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T02:35:43.529Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/1//"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/1/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinvision/2026/1/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-68970",
"datePublished": "2026-01-14T02:35:43.529Z",
"dateReserved": "2025-12-27T09:06:51.412Z",
"dateUpdated": "2026-01-14T14:21:19.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68963 (GCVE-0-2025-68963)
Vulnerability from cvelistv5 – Published: 2026-01-14 02:31 – Updated: 2026-01-14 23:35
VLAI?
Summary
Man-in-the-middle attack vulnerability in the Clone module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity ?
5.7 (Medium)
CWE
- CWE-521 - Weak Password Requirements
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68963",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T23:17:22.971999Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T23:35:36.785Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "4.3.1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EMUI",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "15.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Man-in-the-middle attack vulnerability in the Clone module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"value": "Man-in-the-middle attack vulnerability in the Clone module.\nImpact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "CWE-521 Weak Password Requirements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T02:31:32.979Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/1//"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-68963",
"datePublished": "2026-01-14T02:31:32.979Z",
"dateReserved": "2025-12-27T09:06:51.411Z",
"dateUpdated": "2026-01-14T23:35:36.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68967 (GCVE-0-2025-68967)
Vulnerability from cvelistv5 – Published: 2026-01-14 02:16 – Updated: 2026-01-14 23:35
VLAI?
Summary
Vulnerability of improper permission control in the print module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity ?
5.7 (Medium)
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68967",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T23:17:29.868181Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T23:35:23.930Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerability of improper permission control in the print module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"value": "Vulnerability of improper permission control in the print module.\nImpact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T02:16:57.372Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/1//"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/1//"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-68967",
"datePublished": "2026-01-14T02:16:57.372Z",
"dateReserved": "2025-12-27T09:06:51.412Z",
"dateUpdated": "2026-01-14T23:35:23.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68966 (GCVE-0-2025-68966)
Vulnerability from cvelistv5 – Published: 2026-01-14 02:14 – Updated: 2026-01-14 14:29
VLAI?
Summary
Permission control vulnerability in the Notepad module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity ?
5.1 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68966",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T14:29:46.839790Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T14:29:54.142Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.0.1"
},
{
"status": "affected",
"version": "6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Permission control vulnerability in the Notepad module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"value": "Permission control vulnerability in the Notepad module.\nImpact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T02:14:40.405Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/1//"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/1//"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinvision/2026/1/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-68966",
"datePublished": "2026-01-14T02:14:40.405Z",
"dateReserved": "2025-12-27T09:06:51.411Z",
"dateUpdated": "2026-01-14T14:29:54.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68965 (GCVE-0-2025-68965)
Vulnerability from cvelistv5 – Published: 2026-01-14 02:13 – Updated: 2026-01-14 14:30
VLAI?
Summary
Permission control vulnerability in the Notepad module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity ?
4.7 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68965",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T14:30:21.743652Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T14:30:28.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.0.1"
},
{
"status": "affected",
"version": "6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Permission control vulnerability in the Notepad module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"value": "Permission control vulnerability in the Notepad module.\nImpact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T02:13:06.754Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/1//"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/1//"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinvision/2026/1/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-68965",
"datePublished": "2026-01-14T02:13:06.754Z",
"dateReserved": "2025-12-27T09:06:51.411Z",
"dateUpdated": "2026-01-14T14:30:28.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68964 (GCVE-0-2025-68964)
Vulnerability from cvelistv5 – Published: 2026-01-14 02:11 – Updated: 2026-01-14 14:32
VLAI?
Summary
Data verification vulnerability in the HiView module.
Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
6.2 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68964",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T14:32:14.388927Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T14:32:23.362Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.0.1"
},
{
"status": "affected",
"version": "6.0.0"
},
{
"status": "affected",
"version": "5.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Data verification vulnerability in the HiView module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Data verification vulnerability in the HiView module.\nImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T02:11:25.924Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/1//"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/1//"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/1/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinvision/2026/1/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-68964",
"datePublished": "2026-01-14T02:11:25.924Z",
"dateReserved": "2025-12-27T09:06:51.411Z",
"dateUpdated": "2026-01-14T14:32:23.362Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68969 (GCVE-0-2025-68969)
Vulnerability from cvelistv5 – Published: 2026-01-14 02:07 – Updated: 2026-01-14 14:33
VLAI?
Summary
Multi-thread race condition vulnerability in the thermal management module.
Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
6.8 (Medium)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68969",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T14:33:21.115768Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T14:33:28.265Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.0.1"
},
{
"status": "affected",
"version": "6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multi-thread race condition vulnerability in the thermal management module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Multi-thread race condition vulnerability in the thermal management module.\nImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T02:07:24.192Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/1//"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/1//"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-68969",
"datePublished": "2026-01-14T02:07:24.192Z",
"dateReserved": "2025-12-27T09:06:51.412Z",
"dateUpdated": "2026-01-14T14:33:28.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68968 (GCVE-0-2025-68968)
Vulnerability from cvelistv5 – Published: 2026-01-14 02:05 – Updated: 2026-01-14 14:33
VLAI?
Summary
Double free vulnerability in the multi-mode input module.
Impact: Successful exploitation of this vulnerability may affect the input function.
Severity ?
7.8 (High)
CWE
- CWE-6 J2EE Misconfiguration - Insufficient Session-ID Length
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68968",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T14:33:47.347303Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T14:33:59.534Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Double free vulnerability in the multi-mode input module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect the input function."
}
],
"value": "Double free vulnerability in the multi-mode input module.\nImpact: Successful exploitation of this vulnerability may affect the input function."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-6 J2EE Misconfiguration: Insufficient Session-ID Length",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T02:05:43.632Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/1//"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/1//"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-68968",
"datePublished": "2026-01-14T02:05:43.632Z",
"dateReserved": "2025-12-27T09:06:51.412Z",
"dateUpdated": "2026-01-14T14:33:59.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68962 (GCVE-0-2025-68962)
Vulnerability from cvelistv5 – Published: 2026-01-14 02:04 – Updated: 2026-01-14 14:34
VLAI?
Summary
Multi-thread race condition vulnerability in the camera framework module.
Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
5.1 (Medium)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68962",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T14:34:17.003566Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T14:34:24.043Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multi-thread race condition vulnerability in the camera framework module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Multi-thread race condition vulnerability in the camera framework module.\nImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T02:04:11.095Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/1//"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/1//"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-68962",
"datePublished": "2026-01-14T02:04:11.095Z",
"dateReserved": "2025-12-27T09:06:51.411Z",
"dateUpdated": "2026-01-14T14:34:24.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68961 (GCVE-0-2025-68961)
Vulnerability from cvelistv5 – Published: 2026-01-14 02:02 – Updated: 2026-01-14 14:44
VLAI?
Summary
Multi-thread race condition vulnerability in the camera framework module.
Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
5.1 (Medium)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68961",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T14:44:49.211112Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T14:44:55.578Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.0.1"
},
{
"status": "affected",
"version": "6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multi-thread race condition vulnerability in the camera framework module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Multi-thread race condition vulnerability in the camera framework module.\nImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T02:02:42.344Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/1//"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/1//"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-68961",
"datePublished": "2026-01-14T02:02:42.344Z",
"dateReserved": "2025-12-27T09:06:51.411Z",
"dateUpdated": "2026-01-14T14:44:55.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68960 (GCVE-0-2025-68960)
Vulnerability from cvelistv5 – Published: 2026-01-14 02:01 – Updated: 2026-01-14 14:51
VLAI?
Summary
Multi-thread race condition vulnerability in the video framework module.
Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
8.4 (High)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68960",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T14:50:59.463354Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T14:51:07.368Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multi-thread race condition vulnerability in the video framework module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Multi-thread race condition vulnerability in the video framework module.\nImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T02:01:03.747Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/1//"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/1//"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-68960",
"datePublished": "2026-01-14T02:01:03.747Z",
"dateReserved": "2025-12-27T09:06:51.411Z",
"dateUpdated": "2026-01-14T14:51:07.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68958 (GCVE-0-2025-68958)
Vulnerability from cvelistv5 – Published: 2026-01-14 01:59 – Updated: 2026-01-14 14:51
VLAI?
Summary
Multi-thread race condition vulnerability in the card framework module.
Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68958",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T14:51:26.258103Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T14:51:33.765Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multi-thread race condition vulnerability in the card framework module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Multi-thread race condition vulnerability in the card framework module.\nImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T01:59:41.923Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/1//"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/1//"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/1/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-68958",
"datePublished": "2026-01-14T01:59:41.923Z",
"dateReserved": "2025-12-27T09:06:51.411Z",
"dateUpdated": "2026-01-14T14:51:33.765Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68957 (GCVE-0-2025-68957)
Vulnerability from cvelistv5 – Published: 2026-01-14 01:58 – Updated: 2026-01-14 14:53
VLAI?
Summary
Multi-thread race condition vulnerability in the card framework module.
Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
8.4 (High)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68957",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T14:52:53.602351Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T14:53:00.375Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multi-thread race condition vulnerability in the card framework module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Multi-thread race condition vulnerability in the card framework module.\nImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T01:58:05.713Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/1//"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/1//"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/1/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-68957",
"datePublished": "2026-01-14T01:58:05.713Z",
"dateReserved": "2025-12-27T09:06:51.410Z",
"dateUpdated": "2026-01-14T14:53:00.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68956 (GCVE-0-2025-68956)
Vulnerability from cvelistv5 – Published: 2026-01-14 01:56 – Updated: 2026-01-14 23:35
VLAI?
Summary
Multi-thread race condition vulnerability in the card framework module.
Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68956",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T23:17:49.602437Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T23:35:11.781Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multi-thread race condition vulnerability in the card framework module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Multi-thread race condition vulnerability in the card framework module.\nImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T01:56:39.093Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/1//"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/1//"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/1/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-68956",
"datePublished": "2026-01-14T01:56:39.093Z",
"dateReserved": "2025-12-27T09:06:51.410Z",
"dateUpdated": "2026-01-14T23:35:11.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68955 (GCVE-0-2025-68955)
Vulnerability from cvelistv5 – Published: 2026-01-14 01:51 – Updated: 2026-01-14 23:34
VLAI?
Summary
Multi-thread race condition vulnerability in the card framework module.
Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68955",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T23:17:54.740117Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T23:34:57.517Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multi-thread race condition vulnerability in the card framework module. \u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Multi-thread race condition vulnerability in the card framework module. \nImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T01:51:42.163Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/1//"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/1//"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/1/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-68955",
"datePublished": "2026-01-14T01:51:42.163Z",
"dateReserved": "2025-12-27T09:06:51.410Z",
"dateUpdated": "2026-01-14T23:34:57.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66330 (GCVE-0-2025-66330)
Vulnerability from cvelistv5 – Published: 2025-12-08 08:34 – Updated: 2025-12-08 17:30
VLAI?
Summary
App lock verification bypass vulnerability in the file management app. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity ?
4.9 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66330",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T17:29:36.028710Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T17:30:13.623Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.0.1"
},
{
"status": "affected",
"version": "6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "App lock verification bypass vulnerability in the file management app. Impact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"value": "App lock verification bypass vulnerability in the file management app. Impact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T08:34:15.315Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2025/12/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-66330",
"datePublished": "2025-12-08T08:34:15.315Z",
"dateReserved": "2025-11-27T02:20:28.790Z",
"dateUpdated": "2025-12-08T17:30:13.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66329 (GCVE-0-2025-66329)
Vulnerability from cvelistv5 – Published: 2025-12-08 08:33 – Updated: 2025-12-08 17:30
VLAI?
Summary
Permission control vulnerability in the window management module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
4 (Medium)
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66329",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T17:30:35.864101Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T17:30:43.637Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "4.3.1"
},
{
"status": "affected",
"version": "4.3.0"
},
{
"status": "affected",
"version": "4.2.0"
},
{
"status": "affected",
"version": "4.0.0"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.0.0"
},
{
"status": "affected",
"version": "2.0.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EMUI",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "15.0.0"
},
{
"status": "affected",
"version": "14.2.0"
},
{
"status": "affected",
"version": "14.0.0"
},
{
"status": "affected",
"version": "13.0.0"
},
{
"status": "affected",
"version": "12.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Permission control vulnerability in the window management module. Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Permission control vulnerability in the window management module. Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T08:33:05.489Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2025/12/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-66329",
"datePublished": "2025-12-08T08:33:05.489Z",
"dateReserved": "2025-11-27T02:20:28.790Z",
"dateUpdated": "2025-12-08T17:30:43.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66325 (GCVE-0-2025-66325)
Vulnerability from cvelistv5 – Published: 2025-12-08 08:30 – Updated: 2025-12-08 14:07
VLAI?
Summary
Permission control vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity ?
6.2 (Medium)
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66325",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T14:07:19.613923Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T14:07:25.363Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "4.3.1"
},
{
"status": "affected",
"version": "4.3.0"
},
{
"status": "affected",
"version": "4.2.0"
},
{
"status": "affected",
"version": "4.0.0"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.0.0"
},
{
"status": "affected",
"version": "2.0.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EMUI",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "15.0.0"
},
{
"status": "affected",
"version": "14.2.0"
},
{
"status": "affected",
"version": "14.0.0"
},
{
"status": "affected",
"version": "13.0.0"
},
{
"status": "affected",
"version": "12.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Permission control vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"value": "Permission control vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T08:30:44.800Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2025/12/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-66325",
"datePublished": "2025-12-08T08:30:44.800Z",
"dateReserved": "2025-11-27T02:20:28.789Z",
"dateUpdated": "2025-12-08T14:07:25.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58279 (GCVE-0-2025-58279)
Vulnerability from cvelistv5 – Published: 2025-12-08 08:27 – Updated: 2025-12-08 14:09
VLAI?
Summary
Permission control vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity ?
4.4 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58279",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T14:09:28.765493Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T14:09:34.777Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.0.1"
},
{
"status": "affected",
"version": "6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Permission control vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"value": "Permission control vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T08:27:03.735Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2025/12/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-58279",
"datePublished": "2025-12-08T08:27:03.735Z",
"dateReserved": "2025-08-28T06:15:10.964Z",
"dateUpdated": "2025-12-08T14:09:34.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66334 (GCVE-0-2025-66334)
Vulnerability from cvelistv5 – Published: 2025-12-08 08:23 – Updated: 2025-12-08 14:10
VLAI?
Summary
Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
CWE
- CWE-494 - Download of Code Without Integrity Check
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66334",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T14:09:58.386078Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T14:10:08.102Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.0.1"
},
{
"status": "affected",
"version": "6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-494",
"description": "CWE-494 Download of Code Without Integrity Check",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T08:23:28.260Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2025/12/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-66334",
"datePublished": "2025-12-08T08:23:28.260Z",
"dateReserved": "2025-11-27T02:20:28.790Z",
"dateUpdated": "2025-12-08T14:10:08.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66333 (GCVE-0-2025-66333)
Vulnerability from cvelistv5 – Published: 2025-12-08 08:18 – Updated: 2025-12-08 14:10
VLAI?
Summary
Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
CWE
- CWE-494 - Download of Code Without Integrity Check
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66333",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T14:10:47.892394Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T14:10:56.822Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.0.1"
},
{
"status": "affected",
"version": "6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-494",
"description": "CWE-494 Download of Code Without Integrity Check",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T08:18:29.086Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2025/12/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-66333",
"datePublished": "2025-12-08T08:18:29.086Z",
"dateReserved": "2025-11-27T02:20:28.790Z",
"dateUpdated": "2025-12-08T14:10:56.822Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66332 (GCVE-0-2025-66332)
Vulnerability from cvelistv5 – Published: 2025-12-08 08:13 – Updated: 2025-12-08 14:11
VLAI?
Summary
Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
CWE
- CWE-494 - Download of Code Without Integrity Check
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66332",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T14:11:25.271029Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T14:11:32.195Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.0.1"
},
{
"status": "affected",
"version": "6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-494",
"description": "CWE-494 Download of Code Without Integrity Check",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T08:13:39.293Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2025/12/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-66332",
"datePublished": "2025-12-08T08:13:39.293Z",
"dateReserved": "2025-11-27T02:20:28.790Z",
"dateUpdated": "2025-12-08T14:11:32.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66331 (GCVE-0-2025-66331)
Vulnerability from cvelistv5 – Published: 2025-12-08 08:12 – Updated: 2025-12-08 14:13
VLAI?
Summary
Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
CWE
- CWE-494 - Download of Code Without Integrity Check
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66331",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T14:12:56.663177Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T14:13:03.697Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.0.1"
},
{
"status": "affected",
"version": "6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-494",
"description": "CWE-494 Download of Code Without Integrity Check",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T08:12:28.332Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2025/12/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-66331",
"datePublished": "2025-12-08T08:12:28.332Z",
"dateReserved": "2025-11-27T02:20:28.790Z",
"dateUpdated": "2025-12-08T14:13:03.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66328 (GCVE-0-2025-66328)
Vulnerability from cvelistv5 – Published: 2025-12-08 08:11 – Updated: 2025-12-08 14:13
VLAI?
Summary
Multi-thread race condition vulnerability in the network management module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
8.4 (High)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66328",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T14:13:29.092352Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T14:13:35.898Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "5.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multi-thread race condition vulnerability in the network management module. Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Multi-thread race condition vulnerability in the network management module. Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T08:11:20.065Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2025/12/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-66328",
"datePublished": "2025-12-08T08:11:20.065Z",
"dateReserved": "2025-11-27T02:20:28.790Z",
"dateUpdated": "2025-12-08T14:13:35.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66327 (GCVE-0-2025-66327)
Vulnerability from cvelistv5 – Published: 2025-12-08 08:09 – Updated: 2025-12-08 18:01
VLAI?
Summary
Race condition vulnerability in the network module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity ?
7.1 (High)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66327",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T18:01:04.246837Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T18:01:39.483Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Race condition vulnerability in the network module.\u0026nbsp;Impact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"value": "Race condition vulnerability in the network module.\u00a0Impact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T08:09:51.745Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2025/12/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-66327",
"datePublished": "2025-12-08T08:09:51.745Z",
"dateReserved": "2025-11-27T02:20:28.790Z",
"dateUpdated": "2025-12-08T18:01:39.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66326 (GCVE-0-2025-66326)
Vulnerability from cvelistv5 – Published: 2025-12-08 08:08 – Updated: 2025-12-08 18:15
VLAI?
Summary
Race condition vulnerability in the audio module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
6.7 (Medium)
CWE
- CWE-416 - Use After Free
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66326",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T18:11:44.577082Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T18:15:32.399Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Race condition vulnerability in the audio module. Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Race condition vulnerability in the audio module. Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T08:08:52.274Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2025/12/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-66326",
"datePublished": "2025-12-08T08:08:52.274Z",
"dateReserved": "2025-11-27T02:20:28.790Z",
"dateUpdated": "2025-12-08T18:15:32.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66324 (GCVE-0-2025-66324)
Vulnerability from cvelistv5 – Published: 2025-12-08 08:07 – Updated: 2025-12-08 18:16
VLAI?
Summary
Input verification vulnerability in the compression and decompression module. Impact: Successful exploitation of this vulnerability may affect app data integrity.
Severity ?
8.4 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66324",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T18:16:09.405556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T18:16:31.331Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Input verification vulnerability in the compression and decompression module.\u0026nbsp;Impact: Successful exploitation of this vulnerability may affect app data integrity."
}
],
"value": "Input verification vulnerability in the compression and decompression module.\u00a0Impact: Successful exploitation of this vulnerability may affect app data integrity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T08:07:42.242Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2025/12/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-66324",
"datePublished": "2025-12-08T08:07:42.242Z",
"dateReserved": "2025-11-27T02:20:28.789Z",
"dateUpdated": "2025-12-08T18:16:31.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66323 (GCVE-0-2025-66323)
Vulnerability from cvelistv5 – Published: 2025-12-08 08:06 – Updated: 2025-12-08 18:24
VLAI?
Summary
Vulnerability of improper criterion security check in the card module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
5.3 (Medium)
CWE
- CWE-358 - Improperly Implemented Security Check for Standard
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66323",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T18:20:48.883721Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T18:24:17.065Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.0.1"
},
{
"status": "affected",
"version": "6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerability of improper criterion security check in the card module. Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Vulnerability of improper criterion security check in the card module. Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-358",
"description": "CWE-358 Improperly Implemented Security Check for Standard",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T08:06:34.026Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2025/12/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-66323",
"datePublished": "2025-12-08T08:06:34.026Z",
"dateReserved": "2025-11-27T02:20:28.789Z",
"dateUpdated": "2025-12-08T18:24:17.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66322 (GCVE-0-2025-66322)
Vulnerability from cvelistv5 – Published: 2025-12-08 08:01 – Updated: 2025-12-08 18:40
VLAI?
Summary
Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
5.1 (Medium)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66322",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T18:36:39.984377Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T18:40:57.102Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "5.0.1"
},
{
"status": "affected",
"version": "6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T08:01:36.601Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2025/12/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-66322",
"datePublished": "2025-12-08T08:01:36.601Z",
"dateReserved": "2025-11-27T02:20:28.789Z",
"dateUpdated": "2025-12-08T18:40:57.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}