What is the CVSS score of CVE-2025-66322?

CVE-2025-66322 has a CVSS 3.1 base score of 5.1 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H. EPSS exploitation probability: 0.0%.

Which versions of Harmonyos are affected by CVE-2025-66322?

CVE-2025-66322 presents moderate security risk, a race condition vulnerability rated CVSS 5.1. Exploitation could compromise the security of affected deployments.

How to fix or mitigate CVE-2025-66322?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Harmonyos CVE-2025-66322

EUVD-2025-201687 MEDIUM

Race Condition (CWE-362)

2025-12-08 psirt@huawei.com

Information Disclosure Race Condition Harmonyos

5.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 17:54 euvd

EUVD-2025-201687

Analysis Generated

Mar 15, 2026 - 17:54 vuln.today

CVE Published

Dec 08, 2025 - 08:15 nvd

MEDIUM 5.1

DescriptionNVD

Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.

Analysis

Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.

Technical ContextAI

A race condition occurs when the behavior of software depends on the timing of events, such as the order of execution of threads or processes.

RemediationAI

Use proper synchronization mechanisms (locks, mutexes, atomic operations). Implement file locking for filesystem operations. Avoid TOCTOU patterns.

CVE-2025-66322 vulnerability details – vuln.today

Back