What is the CVSS score of CVE-2025-48907?

CVE-2025-48907 has a CVSS 3.1 base score of 6.2 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of Harmonyos are affected by CVE-2025-48907?

CVE-2025-48907 presents moderate security risk rated CVSS 6.2. Exploitation could compromise the security of affected deployments.

How to fix or mitigate CVE-2025-48907?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Harmonyos CVE-2025-48907

EUVD-2025-17084 MEDIUM

Uncaught Exception (CWE-248)

2025-06-06 psirt@huawei.com

Deserialization Harmonyos

6.2

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 18:10 euvd

EUVD-2025-17084

Analysis Generated

Mar 14, 2026 - 18:10 vuln.today

CVE Published

Jun 06, 2025 - 07:15 nvd

MEDIUM 6.2

DescriptionNVD

Deserialization vulnerability in the IPC module Impact: Successful exploitation of this vulnerability may affect availability.

Analysis

Deserialization vulnerability in the IPC module Impact: Successful exploitation of this vulnerability may affect availability.

Technical ContextAI

Insecure deserialization occurs when untrusted data is used to reconstruct objects, allowing attackers to manipulate serialized data to execute arbitrary code.

RemediationAI

Avoid deserializing untrusted data. Use safe serialization formats (JSON instead of native serialization). Implement integrity checks on serialized data.

CVE-2025-48907 vulnerability details – vuln.today

Back

Harmonyos CVE-2025-48907

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

Analysis

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code