Harmonyos Security Vulnerabilities and Issues — Harmonyos CVE List

7.7CVSS6.6AI score0.00022EPSS

CVE-2025-54607

Authentication management vulnerability in the ArkWeb module.Impact: Successful exploitation of this vulnerability may affect service confidentiality.

6.2CVSS6.3AI score0.00008EPSS

CVE-2025-54608

Vulnerability that allows setting screen rotation direction without permission verification in the screen management module.Impact: Successful exploitation of this vulnerability may cause device screen orientation to be arbitrarily set.

7.3CVSS6.5AI score0.00007EPSS

CVE-2025-54611

EXTRA_REFERRER resource read vulnerability in the Gallery module.Impact: Successful exploitation of this vulnerability may affect service confidentiality.

5.7CVSS6.5AI score0.00011EPSS

CVE-2025-54618

Permission control vulnerability in the distributed clipboard module.Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE•added 2025/08/06 3:15 a.m.•8 views

CVE-2025-54627

Out-of-bounds write vulnerability in the skia module.Impact: Successful exploitation of this vulnerability may affect service confidentiality.

8.8CVSS6.6AI score0.00026EPSS

CVE•added 2025/08/06 4:16 a.m.•8 views

CVE-2025-54641

Issue of buffer overflow caused by insufficient data verification in the kernel acceleration module.Impact: Successful exploitation of this vulnerability may affect availability.

6.7CVSS6.9AI score0.0001EPSS

CVE•added 2025/08/06 4:16 a.m.•8 views

CVE-2025-54651

Race condition vulnerability in the kernel hufs module.Impact: Successful exploitation of this vulnerability may affect service confidentiality.

4.8CVSS6.5AI score0.00005EPSS

CVE•added 2025/08/06 2:15 a.m.•7 views

CVE-2025-54610

Out-of-bounds access vulnerability in the audio codec module.Impact: Successful exploitation of this vulnerability may affect availability.

7.5CVSS6.5AI score0.00015EPSS

CVE•added 2025/08/06 2:15 a.m.•7 views

CVE-2025-54620

Deserialization vulnerability of untrusted data in the ability module.Impact: Successful exploitation of this vulnerability may affect availability.

5.5CVSS6.5AI score0.00016EPSS

CVE•added 2025/08/06 2:15 a.m.•7 views

CVE-2025-54621

Iterator failure issue in the WantAgent module.Impact: Successful exploitation of this vulnerability may cause memory release failures.

5.3CVSS6.5AI score0.00007EPSS

5.5CVSS6.5AI score0.00006EPSS

CVE-2025-54645

Out-of-bounds array access issue due to insufficient data verification in the location service module.Impact: Successful exploitation of this vulnerability may affect availability.

5.1CVSS6.5AI score0.00008EPSS

CVE-2025-54646

Vulnerability of inadequate packet length check in the BLE module.Impact: Successful exploitation of this vulnerability may affect performance.

6.5CVSS6.5AI score0.00009EPSS

CVE-2025-54647

Out-of-bounds read vulnerability in the SSAP module of the NearLink protocol stack.Impact: Successful exploitation of this vulnerability may affect availability.

6.5CVSS6.5AI score0.00009EPSS

CVE-2025-54648

Out-of-bounds read vulnerability in the SSAP module of the NearLink protocol stack.Impact: Successful exploitation of this vulnerability may affect availability.

4.5CVSS6.2AI score0.00006EPSS

CVE-2025-54649

Vulnerability of using incompatible types to access resources in the location service.Impact: Successful exploitation of this vulnerability may cause some location information attributes to be incorrect.

7.5CVSS6.5AI score0.00015EPSS

CVE-2025-54609

Out-of-bounds access vulnerability in the audio codec module.Impact: Successful exploitation of this vulnerability may affect availability.

5.9CVSS6.5AI score0.00008EPSS

CVE-2025-54613

Iterator failure vulnerability in the card management module.Impact: Successful exploitation of this vulnerability may affect function stability.

6.2CVSS6.5AI score0.00014EPSS

CVE-2025-54614

Input verification vulnerability in the home screen module.Impact: Successful exploitation of this vulnerability may affect availability.

6.2CVSS6.2AI score0.00007EPSS

CVE-2025-54615

Vulnerability of insufficient information protection in the media library module.Impact: Successful exploitation of this vulnerability may affect service confidentiality.

5.5CVSS6.5AI score0.00007EPSS

CVE-2025-54616

Out-of-bounds array access vulnerability in the ArkUI framework.Impact: Successful exploitation of this vulnerability may affect availability.

5.3CVSS6.6AI score0.00007EPSS

CVE-2025-54619

Iterator failure issue in the multi-mode input module.Impact: Successful exploitation of this vulnerability may cause iterator failures and affect availability.

5.7CVSS6.8AI score0.0001EPSS

CVE-2025-54624

Unexpected injection event vulnerability in the multimodalinput module.Impact: Successful exploitation of this vulnerability may affect availability.

6.7CVSS6.5AI score0.00006EPSS

CVE-2025-54625

Race condition vulnerability in the kernel file system module.Impact: Successful exploitation of this vulnerability may affect availability.

4.4CVSS6.5AI score0.00007EPSS

CVE-2025-54626

Pointer dangling vulnerability in the cjwindow module.Impact: Successful exploitation of this vulnerability may affect function stability.

6.8CVSS6.5AI score0.00012EPSS

CVE-2025-54630

:Vulnerability of insufficient data length verification in the DFA module.Impact: Successful exploitation of this vulnerability may affect availability.

6.7CVSS6.5AI score0.00006EPSS

CVE-2025-54631

Vulnerability of insufficient data length verification in the partition module.Impact: Successful exploitation of this vulnerability may affect availability.

6.7CVSS6.5AI score0.00007EPSS

CVE-2025-54633

Out-of-bounds read vulnerability in the register configuration of the DMA module.Impact: Successful exploitation of this vulnerability may affect service confidentiality.

5.5CVSS6.9AI score0.0001EPSS

CVE-2025-54636

Issue of buffer overflow caused by insufficient data verification in the kernel drop detection module.Impact: Successful exploitation of this vulnerability may affect availability.

5.5CVSS6.4AI score0.00006EPSS

CVE-2025-54637

Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module.Impact: Successful exploitation of this vulnerability may affect service confidentiality.

5.5CVSS6.5AI score0.00016EPSS

CVE-2025-54638

Issue of inconsistent read/write serialization in the ad module.Impact: Successful exploitation of this vulnerability may affect the availability of the ad service.

5.5CVSS6.6AI score0.00009EPSS

CVE-2025-54639

ParcelMismatch vulnerability in attribute deserialization.Impact: Successful exploitation of this vulnerability may cause playback control screen display exceptions.

5.5CVSS6.6AI score0.00009EPSS

CVE-2025-54640

ParcelMismatch vulnerability in attribute deserialization.Impact: Successful exploitation of this vulnerability may cause playback control screen display exceptions.

6.7CVSS6.9AI score0.0001EPSS

CVE-2025-54642

Issue of buffer overflow caused by insufficient data verification in the kernel gyroscope module.Impact: Successful exploitation of this vulnerability may affect availability.