Harmonyos
CVE-2025-54653
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
Path traversal vulnerability in the virtualization file module. Successful exploitation of this vulnerability may affect the confidentiality of the virtualization file module.
AnalysisAI
Path traversal vulnerability in the virtualization file module. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. Path traversal vulnerability in the virtualization file module. Successful exploitation of this vulnerability may affect the confidentiality of the virtualization file module. Affected products include: Huawei Harmonyos.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.
Auth bypass in device authentication module.
Permission control vulnerability in the memory management module. Rated critical severity (CVSS 9.3), this vulnerability
Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerab
CVE-2025-48906 is an authentication bypass vulnerability in the DSoftBus module that allows unauthenticated attackers on
Multi-concurrency vulnerability in the media digital copyright protection module Impact: Successful exploitation of this
Deserialization mismatch vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may
Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability w
Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability w
Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability w
Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability w
Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability w
Permission verification bypass vulnerability in the notification module Impact: Successful exploitation of this vulnerab
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today