What is the CVSS score of CVE-2025-58279?

CVE-2025-58279 has a CVSS 3.1 base score of 4.4 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of Harmonyos are affected by CVE-2025-58279?

CVE-2025-58279 presents moderate security risk, a information exposure vulnerability rated CVSS 4.4. Sensitive information could be exposed to unauthorized parties.

How to fix or mitigate CVE-2025-58279?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Review data exposure and access controls.

Harmonyos CVE-2025-58279

EUVD-2025-201684 MEDIUM

Information Exposure (CWE-200)

2025-12-08 psirt@huawei.com

Information Disclosure Harmonyos

4.4

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 17:54 euvd

EUVD-2025-201684

Analysis Generated

Mar 15, 2026 - 17:54 vuln.today

CVE Published

Dec 08, 2025 - 09:15 nvd

MEDIUM 4.4

DescriptionNVD

Permission control vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Analysis

Permission control vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Technical ContextAI

Information disclosure occurs when an application inadvertently reveals sensitive data to unauthorized actors through error messages, logs, or improper access controls. This vulnerability is classified as Information Exposure (CWE-200).

RemediationAI

Implement proper access controls. Sanitize error messages in production. Review logging practices to avoid capturing sensitive data.

CVE-2025-58279 vulnerability details – vuln.today

Back