Huawei Harmonyos vulnerabilities

CVE-2024-58117 [LOW] CWE-121 CVE-2024-58117: Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitatio Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.

CVE-2025-53176 [LOW] CWE-121 CVE-2025-53176: Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitatio Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.

CVE-2025-53174 [LOW] CWE-121 CVE-2025-53174: Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitatio Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.

CVE-2025-48911 [HIGH] CWE-266 CVE-2025-48911: Vulnerability of improper permission assignment in the note sharing module Impact: Successful exploi Vulnerability of improper permission assignment in the note sharing module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2025-48903 [HIGH] CWE-264 CVE-2025-48903: Permission bypass vulnerability in the media library module Impact: Successful exploitation of this Permission bypass vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2025-48906 [HIGH] CWE-290 CVE-2025-48906: Authentication bypass vulnerability in the DSoftBus module Impact: Successful exploitation of this v Authentication bypass vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2025-48905 [HIGH] CWE-1068 CVE-2025-48905: Wasm exception capture vulnerability in the arkweb v8 module Impact: Successful exploitation of this Wasm exception capture vulnerability in the arkweb v8 module Impact: Successful exploitation of this vulnerability may cause the failure to capture specific Wasm exception types.

CVE-2025-48909 [HIGH] CWE-287 CVE-2025-48909: Bypass vulnerability in the device management channel Impact: Successful exploitation of this vulner Bypass vulnerability in the device management channel Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2025-48902 [MEDIUM] CWE-118 CVE-2025-48902: Vulnerability of uncontrolled system resource applications in the setting module Impact: Successful Vulnerability of uncontrolled system resource applications in the setting module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2025-48910 [MEDIUM] CWE-122 CVE-2025-48910: Buffer overflow vulnerability in the DFile module Impact: Successful exploitation of this vulnerabil Buffer overflow vulnerability in the DFile module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2025-48904 [MEDIUM] CWE-288 CVE-2025-48904: Vulnerability that cards can call unauthorized APIs in the FRS process Impact: Successful exploitati Vulnerability that cards can call unauthorized APIs in the FRS process Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2025-48908 [MEDIUM] CWE-567 CVE-2025-48908: Ability Auto Startup service vulnerability in the foundation process Impact: Successful exploitation Ability Auto Startup service vulnerability in the foundation process Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2025-48907 [MEDIUM] CWE-248 CVE-2025-48907: Deserialization vulnerability in the IPC module Impact: Successful exploitation of this vulnerabilit Deserialization vulnerability in the IPC module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2024-58114 [MEDIUM] CWE-770 CVE-2024-58114: Resource allocation control failure vulnerability in the ArkUI framework Impact: Successful exploita Resource allocation control failure vulnerability in the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2025-46588 [HIGH] CWE-284 CVE-2025-46588: Vulnerability of unauthorized access in the app lock module Impact: Successful exploitation of this Vulnerability of unauthorized access in the app lock module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

CVE-2025-46589 [HIGH] CWE-284 CVE-2025-46589: Vulnerability of unauthorized access in the app lock module Impact: Successful exploitation of this Vulnerability of unauthorized access in the app lock module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

CVE-2025-46585 [HIGH] CWE-787 CVE-2025-46585: Out-of-bounds array read/write vulnerability in the kernel module Impact: Successful exploitation of Out-of-bounds array read/write vulnerability in the kernel module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2025-46584 [MEDIUM] CWE-280 CVE-2025-46584: Vulnerability of improper authentication logic implementation in the file system module Impact: Succ Vulnerability of improper authentication logic implementation in the file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2025-46590 [MEDIUM] CWE-287 CVE-2025-46590: Bypass vulnerability in the network search instruction authentication module Impact: Successful expl Bypass vulnerability in the network search instruction authentication module Impact: Successful exploitation of this vulnerability can bypass authentication and enable access to some network search functions.

CVE-2024-58252 [MEDIUM] CWE-200 CVE-2024-58252: Vulnerability of insufficient information protection in the media library module Impact: Successful Vulnerability of insufficient information protection in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality.