Huawei Harmonyos vulnerabilities
1,076 known vulnerabilities affecting huawei/harmonyos.
Total CVEs
1,076
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL138HIGH534MEDIUM365LOW39
Vulnerabilities
Page 8 of 54
CVE-2025-54609HIGHCVSS 7.5v5.0.1v5.1.02025-08-06
CVE-2025-54609 [HIGH] CWE-125 CVE-2025-54609: Out-of-bounds access vulnerability in the audio codec module.
Impact: Successful exploitation of thi
Out-of-bounds access vulnerability in the audio codec module.
Impact: Successful exploitation of this vulnerability may affect availability.
cvelistv5nvd
CVE-2025-54607HIGHCVSS 7.5v5.0.1v5.0.2+1 more2025-08-06
CVE-2025-54607 [HIGH] CWE-295 CVE-2025-54607: Authentication management vulnerability in the ArkWeb module.
Impact: Successful exploitation of thi
Authentication management vulnerability in the ArkWeb module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
cvelistv5nvd
CVE-2025-54628HIGHCVSS 7.5v4.0.0v4.2.0+4 more2025-08-06
CVE-2025-54628 [HIGH] CWE-118 CVE-2025-54628: Vulnerability of incomplete verification information in the communication module.
Impact: Successful
Vulnerability of incomplete verification information in the communication module.
Impact: Successful exploitation of this vulnerability may affect availability.
cvelistv5nvd
CVE-2025-54627HIGHCVSS 8.8v5.0.1v5.0.2+1 more2025-08-06
CVE-2025-54627 [HIGH] CWE-787 CVE-2025-54627: Out-of-bounds write vulnerability in the skia module.
Impact: Successful exploitation of this vulner
Out-of-bounds write vulnerability in the skia module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
cvelistv5nvd
CVE-2025-54616MEDIUMCVSS 5.5v5.1.02025-08-06
CVE-2025-54616 [MEDIUM] CWE-787 CVE-2025-54616: Out-of-bounds array access vulnerability in the ArkUI framework.
Impact: Successful exploitation of
Out-of-bounds array access vulnerability in the ArkUI framework.
Impact: Successful exploitation of this vulnerability may affect availability.
cvelistv5nvd
CVE-2025-54642MEDIUMCVSS 5.5v3.0.0v3.1.0+1 more2025-08-06
CVE-2025-54642 [MEDIUM] CWE-20 CVE-2025-54642: Issue of buffer overflow caused by insufficient data verification in the kernel gyroscope module.
Im
Issue of buffer overflow caused by insufficient data verification in the kernel gyroscope module.
Impact: Successful exploitation of this vulnerability may affect availability.
cvelistv5nvd
CVE-2025-54645MEDIUMCVSS 5.5v5.0.1v5.1.02025-08-06
CVE-2025-54645 [MEDIUM] CWE-129 CVE-2025-54645: Out-of-bounds array access issue due to insufficient data verification in the location service modul
Out-of-bounds array access issue due to insufficient data verification in the location service module.
Impact: Successful exploitation of this vulnerability may affect availability.
cvelistv5nvd
CVE-2025-54653MEDIUMCVSS 6.5v5.0.1v5.0.22025-08-06
CVE-2025-54653 [MEDIUM] CWE-22 CVE-2025-54653: Path traversal vulnerability in the virtualization file module. Successful exploitation of this vuln
Path traversal vulnerability in the virtualization file module. Successful exploitation of this vulnerability may affect the confidentiality of the virtualization file module.
cvelistv5nvd
CVE-2025-54639MEDIUMCVSS 5.5v5.0.1v5.1.02025-08-06
CVE-2025-54639 [MEDIUM] CWE-502 CVE-2025-54639: ParcelMismatch vulnerability in attribute deserialization.
Impact: Successful exploitation of this v
ParcelMismatch vulnerability in attribute deserialization.
Impact: Successful exploitation of this vulnerability may cause playback control screen display exceptions.
cvelistv5nvd
CVE-2025-54620MEDIUMCVSS 5.5v5.0.1v5.0.2+1 more2025-08-06
CVE-2025-54620 [MEDIUM] CWE-502 CVE-2025-54620: Deserialization vulnerability of untrusted data in the ability module.
Impact: Successful exploitati
Deserialization vulnerability of untrusted data in the ability module.
Impact: Successful exploitation of this vulnerability may affect availability.
cvelistv5nvd
CVE-2025-54640MEDIUMCVSS 5.5v5.0.1v5.1.02025-08-06
CVE-2025-54640 [MEDIUM] CWE-502 CVE-2025-54640: ParcelMismatch vulnerability in attribute deserialization.
Impact: Successful exploitation of this v
ParcelMismatch vulnerability in attribute deserialization.
Impact: Successful exploitation of this vulnerability may cause playback control screen display exceptions.
cvelistv5nvd
CVE-2025-54618MEDIUMCVSS 5.7v5.0.1v5.0.2+1 more2025-08-06
CVE-2025-54618 [MEDIUM] CWE-275 CVE-2025-54618: Permission control vulnerability in the distributed clipboard module.
Impact: Successful exploitatio
Permission control vulnerability in the distributed clipboard module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
cvelistv5nvd
CVE-2025-54636MEDIUMCVSS 5.5v3.0.0v3.1.0+1 more2025-08-06
CVE-2025-54636 [MEDIUM] CWE-20 CVE-2025-54636: Issue of buffer overflow caused by insufficient data verification in the kernel drop detection modul
Issue of buffer overflow caused by insufficient data verification in the kernel drop detection module.
Impact: Successful exploitation of this vulnerability may affect availability.
cvelistv5nvd
CVE-2025-54652MEDIUMCVSS 5.5v5.0.1v5.0.22025-08-06
CVE-2025-54652 [MEDIUM] CWE-22 CVE-2025-54652: Path traversal vulnerability in the virtualization base module. Successful exploitation of this vuln
Path traversal vulnerability in the virtualization base module. Successful exploitation of this vulnerability may affect the confidentiality of the virtualization module.
cvelistv5nvd
CVE-2025-54646MEDIUMCVSS 4.3v2.0.0v2.1.0+7 more2025-08-06
CVE-2025-54646 [MEDIUM] CWE-130 CVE-2025-54646: Vulnerability of inadequate packet length check in the BLE module.
Impact: Successful exploitation o
Vulnerability of inadequate packet length check in the BLE module.
Impact: Successful exploitation of this vulnerability may affect performance.
cvelistv5nvd
CVE-2025-54624MEDIUMCVSS 5.7v5.0.1v5.0.2+1 more2025-08-06
CVE-2025-54624 [MEDIUM] CWE-275 CVE-2025-54624: Unexpected injection event vulnerability in the multimodalinput module.
Impact: Successful exploitat
Unexpected injection event vulnerability in the multimodalinput module.
Impact: Successful exploitation of this vulnerability may affect availability.
cvelistv5nvd
CVE-2025-54648MEDIUMCVSS 6.5v5.1.02025-08-06
CVE-2025-54648 [MEDIUM] CWE-125 CVE-2025-54648: Out-of-bounds read vulnerability in the SSAP module of the NearLink protocol stack.
Impact: Successf
Out-of-bounds read vulnerability in the SSAP module of the NearLink protocol stack.
Impact: Successful exploitation of this vulnerability may affect availability.
cvelistv5nvd
CVE-2025-54625MEDIUMCVSS 4.7v5.0.1v5.0.2+1 more2025-08-06
CVE-2025-54625 [MEDIUM] CWE-414 CVE-2025-54625: Race condition vulnerability in the kernel file system module.
Impact: Successful exploitation of th
Race condition vulnerability in the kernel file system module.
Impact: Successful exploitation of this vulnerability may affect availability.
cvelistv5nvd
CVE-2025-54611MEDIUMCVSS 5.5v2.0.0v2.1.0+6 more2025-08-06
CVE-2025-54611 [MEDIUM] CWE-840 CVE-2025-54611: EXTRA_REFERRER resource read vulnerability in the Gallery module.
Impact: Successful exploitation of
EXTRA_REFERRER resource read vulnerability in the Gallery module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
cvelistv5nvd
CVE-2025-54608MEDIUMCVSS 4.0v5.0.1v5.0.2+1 more2025-08-06
CVE-2025-54608 [MEDIUM] CWE-264 CVE-2025-54608: Vulnerability that allows setting screen rotation direction without permission verification in the s
Vulnerability that allows setting screen rotation direction without permission verification in the screen management module.
Impact: Successful exploitation of this vulnerability may cause device screen orientation to be arbitrarily set.
cvelistv5nvd