How to fix CVE-2025-26693?

During next maintenance window: Apply vendor patches when convenient. Monitor vendor channels for updates.

Is OpenHarmony affected by CVE-2025-26693?

CVE-2025-26693 is a low-severity vulnerability in OpenHarmony (CVSS 3.3). The limited severity suggests constrained impact, typically requiring specific conditions or local access for exploitation. Apply vendor updates when available as part of routine maintenance.

OpenHarmony CVE-2025-26693

EUVD-2025-17389 LOW

Improper Preservation of Permissions (CWE-281)

2025-06-08 [email protected]

Information Disclosure

3.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 19:17 euvd

EUVD-2025-17389

Analysis Generated

Mar 14, 2026 - 19:17 vuln.today

CVE Published

Jun 08, 2025 - 12:15 nvd

LOW 3.3

DescriptionNVD

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.

Analysis

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.

Technical ContextAI

Information disclosure occurs when an application inadvertently reveals sensitive data to unauthorized actors through error messages, logs, or improper access controls.

RemediationAI

Implement proper access controls. Sanitize error messages in production. Review logging practices to avoid capturing sensitive data.

CVE-2025-26693 vulnerability details – vuln.today

Back

OpenHarmony CVE-2025-26693

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

Analysis

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code