Harmonyos
Monthly
Out-of-bounds read vulnerability in the SSAP module of the NearLink protocol stack. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds read vulnerability in the SSAP module of the NearLink protocol stack. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Vulnerability of inadequate packet length check in the BLE module. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds array access issue due to insufficient data verification in the location service module. Rated medium severity (CVSS 5.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.
Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.
Issue of buffer overflow caused by insufficient data verification in the kernel gyroscope module. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Issue of buffer overflow caused by insufficient data verification in the kernel acceleration module. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
ParcelMismatch vulnerability in attribute deserialization. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
ParcelMismatch vulnerability in attribute deserialization. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Issue of inconsistent read/write serialization in the ad module. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Issue of buffer overflow caused by insufficient data verification in the kernel drop detection module. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Vulnerability of returning released pointers in the distributed notification service. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.
Vulnerability of improper processing of abnormal conditions in huge page separation. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds read vulnerability in the register configuration of the DMA module. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Vulnerability of insufficient data length verification in the HVB module. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Vulnerability of insufficient data length verification in the partition module. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
:Vulnerability of insufficient data length verification in the DFA module. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Race condition issue occurring in the physical page import process of the memory management module. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Vulnerability of incomplete verification information in the communication module. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds write vulnerability in the skia module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Pointer dangling vulnerability in the cjwindow module. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Race condition vulnerability in the kernel file system module. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Unexpected injection event vulnerability in the multimodalinput module. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Out-of-bounds read vulnerability in the devicemanager module. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Binding authentication bypass vulnerability in the devicemanager module. Rated high severity (CVSS 8.3), this vulnerability is no authentication required. No vendor patch available.
Iterator failure issue in the WantAgent module. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.
Deserialization vulnerability of untrusted data in the ability module. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Iterator failure issue in the multi-mode input module. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.
Permission control vulnerability in the distributed clipboard module. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Stack-based buffer overflow vulnerability in the dms_fwk module. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.
Out-of-bounds array access vulnerability in the ArkUI framework. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Vulnerability of insufficient information protection in the media library module. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Input verification vulnerability in the home screen module. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Iterator failure vulnerability in the card management module. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Iterator failure vulnerability in the card management module. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
EXTRA_REFERRER resource read vulnerability in the Gallery module. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds access vulnerability in the audio codec module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds access vulnerability in the audio codec module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Vulnerability that allows setting screen rotation direction without permission verification in the screen management module. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Authentication management vulnerability in the ArkWeb module. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Status verification vulnerability in the lock screen module. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Race condition vulnerability in the virtualization base module. Rated high severity (CVSS 8.1), this vulnerability is no authentication required. No vendor patch available.
Path traversal vulnerability in the virtualization file module. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.
Path traversal vulnerability in the virtualization base module. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.
Vulnerability that allows third-party call apps to send broadcasts without verification in the audio framework module Impact: Successful exploitation of this vulnerability may affect availability.
Virtual address reuse issue in the memory management module, which can be exploited by non-privileged users to access released memory Impact: Successful exploitation of this vulnerability may affect service integrity.
Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.
Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.
Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.
Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.
Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.
Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.
Permission bypass vulnerability in the calendar storage module Impact: Successful exploitation of this vulnerability may affect the schedule reminder function of head units.
Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.
Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.
Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.
Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.
Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.
Null pointer dereference vulnerability in the application exit cause module Impact: Successful exploitation of this vulnerability may affect function stability.
Vulnerability of bypassing the process to start SA and use related functions on distributed cameras Impact: Successful exploitation of this vulnerability may allow the peer device to use the camera without user awareness.
CVE-2025-53168 is a security vulnerability (CVSS 5.7) that allows the peer device. Remediation should follow standard vulnerability management procedures.
CVE-2025-53167 is a security vulnerability (CVSS 6.9). Remediation should follow standard vulnerability management procedures.
Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.
CVE-2025-48911 is an improper permission assignment vulnerability in a note sharing module that allows local attackers with user interaction to compromise system availability and potentially access sensitive information. The vulnerability has a CVSS score of 8.2 (High) with a broad scope impact, though specific affected products, patch status, and exploitation telemetry are not provided in the available intelligence sources. Without KEV confirmation or EPSS data, the real-world exploitation risk cannot be definitively assessed, but the local attack vector and user interaction requirement suggest this is less critical than remote, unauthenticated vulnerabilities.
Buffer overflow vulnerability in the DFile module Impact: Successful exploitation of this vulnerability may affect availability.
Bypass vulnerability in device management channels that allows unauthenticated attackers on adjacent networks to compromise service confidentiality and cause minor availability impact. The vulnerability affects device management implementations across multiple vendors (specific products require vendor advisories to identify). While no active exploitation in the wild has been confirmed in public KEV databases at time of analysis, the 7.1 CVSS score and high confidentiality impact warrant immediate attention for organizations managing devices on trusted networks.
CVE-2025-48908 is a security vulnerability (CVSS 6.7). Remediation should follow standard vulnerability management procedures.
Deserialization vulnerability in the IPC module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-48906 is an authentication bypass vulnerability in the DSoftBus module that allows unauthenticated attackers on the local network to completely compromise system confidentiality, integrity, and availability without user interaction. The vulnerability affects DSoftBus implementations across multiple platforms with a CVSS score of 8.8, indicating critical severity with high exploitability potential on adjacent networks.
WebAssembly exception handling vulnerability in the arkweb v8 module that prevents proper capture of specific Wasm exception types, potentially allowing attackers to bypass security controls or trigger unexpected application behavior. The vulnerability affects arkweb's V8 integration layer and requires network access but high attack complexity to exploit. While the CVSS score of 8.1 indicates high severity with potential impacts to confidentiality, integrity, and availability, real-world exploitability depends on whether active exploitation or proof-of-concept code exists.
CVE-2025-48904 is a security vulnerability (CVSS 4.4). Remediation should follow standard vulnerability management procedures.
Permission bypass vulnerability in the media library module that allows unauthenticated local attackers to escalate privileges and gain unauthorized access to sensitive functionality. The vulnerability has a CVSS score of 7.8 (High) and impacts confidentiality, integrity, and availability. While the description indicates only availability impact, the CVSS vector reveals high C/I/A ratings, suggesting attackers can read, modify, or delete protected media assets and potentially disrupt service availability.
A remote code execution vulnerability (CVSS 6.6). Remediation should follow standard vulnerability management procedures.
Resource allocation control failure vulnerability in the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability.
Process residence vulnerability in abnormal scenarios in the print module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Null pointer dereference vulnerability in the USB HDI driver module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Out-of-bounds data read vulnerability in the authorization module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Bypass vulnerability in the network search instruction authentication module Impact: Successful exploitation of this vulnerability can bypass authentication and enable access to some network search. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Vulnerability of unauthorized access in the app lock module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Vulnerability of unauthorized access in the app lock module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Permission control vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Vulnerability of insufficient information protection in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Permission control vulnerability in the contacts module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds array read/write vulnerability in the kernel module Impact: Successful exploitation of this vulnerability may affect availability. Rated high severity (CVSS 7.5). No vendor patch available.
Vulnerability of improper authentication logic implementation in the file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Deserialization mismatch vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect service integrity. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Path traversal vulnerability in the DFS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.
Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
Out-of-bounds read vulnerability in the SSAP module of the NearLink protocol stack. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds read vulnerability in the SSAP module of the NearLink protocol stack. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Vulnerability of inadequate packet length check in the BLE module. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds array access issue due to insufficient data verification in the location service module. Rated medium severity (CVSS 5.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.
Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.
Issue of buffer overflow caused by insufficient data verification in the kernel gyroscope module. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Issue of buffer overflow caused by insufficient data verification in the kernel acceleration module. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
ParcelMismatch vulnerability in attribute deserialization. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
ParcelMismatch vulnerability in attribute deserialization. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Issue of inconsistent read/write serialization in the ad module. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Issue of buffer overflow caused by insufficient data verification in the kernel drop detection module. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Vulnerability of returning released pointers in the distributed notification service. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.
Vulnerability of improper processing of abnormal conditions in huge page separation. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds read vulnerability in the register configuration of the DMA module. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Vulnerability of insufficient data length verification in the HVB module. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Vulnerability of insufficient data length verification in the partition module. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
:Vulnerability of insufficient data length verification in the DFA module. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Race condition issue occurring in the physical page import process of the memory management module. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Vulnerability of incomplete verification information in the communication module. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds write vulnerability in the skia module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Pointer dangling vulnerability in the cjwindow module. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Race condition vulnerability in the kernel file system module. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Unexpected injection event vulnerability in the multimodalinput module. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Out-of-bounds read vulnerability in the devicemanager module. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Binding authentication bypass vulnerability in the devicemanager module. Rated high severity (CVSS 8.3), this vulnerability is no authentication required. No vendor patch available.
Iterator failure issue in the WantAgent module. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.
Deserialization vulnerability of untrusted data in the ability module. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Iterator failure issue in the multi-mode input module. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.
Permission control vulnerability in the distributed clipboard module. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Stack-based buffer overflow vulnerability in the dms_fwk module. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.
Out-of-bounds array access vulnerability in the ArkUI framework. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Vulnerability of insufficient information protection in the media library module. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Input verification vulnerability in the home screen module. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Iterator failure vulnerability in the card management module. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Iterator failure vulnerability in the card management module. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
EXTRA_REFERRER resource read vulnerability in the Gallery module. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds access vulnerability in the audio codec module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds access vulnerability in the audio codec module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Vulnerability that allows setting screen rotation direction without permission verification in the screen management module. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Authentication management vulnerability in the ArkWeb module. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Status verification vulnerability in the lock screen module. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Race condition vulnerability in the virtualization base module. Rated high severity (CVSS 8.1), this vulnerability is no authentication required. No vendor patch available.
Path traversal vulnerability in the virtualization file module. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.
Path traversal vulnerability in the virtualization base module. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.
Vulnerability that allows third-party call apps to send broadcasts without verification in the audio framework module Impact: Successful exploitation of this vulnerability may affect availability.
Virtual address reuse issue in the memory management module, which can be exploited by non-privileged users to access released memory Impact: Successful exploitation of this vulnerability may affect service integrity.
Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.
Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.
Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.
Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.
Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.
Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.
Permission bypass vulnerability in the calendar storage module Impact: Successful exploitation of this vulnerability may affect the schedule reminder function of head units.
Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.
Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.
Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.
Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.
Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.
Null pointer dereference vulnerability in the application exit cause module Impact: Successful exploitation of this vulnerability may affect function stability.
Vulnerability of bypassing the process to start SA and use related functions on distributed cameras Impact: Successful exploitation of this vulnerability may allow the peer device to use the camera without user awareness.
CVE-2025-53168 is a security vulnerability (CVSS 5.7) that allows the peer device. Remediation should follow standard vulnerability management procedures.
CVE-2025-53167 is a security vulnerability (CVSS 6.9). Remediation should follow standard vulnerability management procedures.
Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.
CVE-2025-48911 is an improper permission assignment vulnerability in a note sharing module that allows local attackers with user interaction to compromise system availability and potentially access sensitive information. The vulnerability has a CVSS score of 8.2 (High) with a broad scope impact, though specific affected products, patch status, and exploitation telemetry are not provided in the available intelligence sources. Without KEV confirmation or EPSS data, the real-world exploitation risk cannot be definitively assessed, but the local attack vector and user interaction requirement suggest this is less critical than remote, unauthenticated vulnerabilities.
Buffer overflow vulnerability in the DFile module Impact: Successful exploitation of this vulnerability may affect availability.
Bypass vulnerability in device management channels that allows unauthenticated attackers on adjacent networks to compromise service confidentiality and cause minor availability impact. The vulnerability affects device management implementations across multiple vendors (specific products require vendor advisories to identify). While no active exploitation in the wild has been confirmed in public KEV databases at time of analysis, the 7.1 CVSS score and high confidentiality impact warrant immediate attention for organizations managing devices on trusted networks.
CVE-2025-48908 is a security vulnerability (CVSS 6.7). Remediation should follow standard vulnerability management procedures.
Deserialization vulnerability in the IPC module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-48906 is an authentication bypass vulnerability in the DSoftBus module that allows unauthenticated attackers on the local network to completely compromise system confidentiality, integrity, and availability without user interaction. The vulnerability affects DSoftBus implementations across multiple platforms with a CVSS score of 8.8, indicating critical severity with high exploitability potential on adjacent networks.
WebAssembly exception handling vulnerability in the arkweb v8 module that prevents proper capture of specific Wasm exception types, potentially allowing attackers to bypass security controls or trigger unexpected application behavior. The vulnerability affects arkweb's V8 integration layer and requires network access but high attack complexity to exploit. While the CVSS score of 8.1 indicates high severity with potential impacts to confidentiality, integrity, and availability, real-world exploitability depends on whether active exploitation or proof-of-concept code exists.
CVE-2025-48904 is a security vulnerability (CVSS 4.4). Remediation should follow standard vulnerability management procedures.
Permission bypass vulnerability in the media library module that allows unauthenticated local attackers to escalate privileges and gain unauthorized access to sensitive functionality. The vulnerability has a CVSS score of 7.8 (High) and impacts confidentiality, integrity, and availability. While the description indicates only availability impact, the CVSS vector reveals high C/I/A ratings, suggesting attackers can read, modify, or delete protected media assets and potentially disrupt service availability.
A remote code execution vulnerability (CVSS 6.6). Remediation should follow standard vulnerability management procedures.
Resource allocation control failure vulnerability in the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability.
Process residence vulnerability in abnormal scenarios in the print module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Null pointer dereference vulnerability in the USB HDI driver module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Out-of-bounds data read vulnerability in the authorization module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Bypass vulnerability in the network search instruction authentication module Impact: Successful exploitation of this vulnerability can bypass authentication and enable access to some network search. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Vulnerability of unauthorized access in the app lock module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Vulnerability of unauthorized access in the app lock module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Permission control vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Vulnerability of insufficient information protection in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Permission control vulnerability in the contacts module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds array read/write vulnerability in the kernel module Impact: Successful exploitation of this vulnerability may affect availability. Rated high severity (CVSS 7.5). No vendor patch available.
Vulnerability of improper authentication logic implementation in the file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Deserialization mismatch vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect service integrity. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Path traversal vulnerability in the DFS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.
Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.