November

We use cookies to improve our site and your experience. By continuing to browse our site you accept our cookie policy. Find out more

Security Bulletins for HUAWEI Phones/Tablets, November 2025

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:

This security update includes the following HUAWEI patches:

CVE Vulnerability Description Impact Severity Affected Version
CVE-2025-58302 Permission control vulnerability in the Settings module Successful exploitation of this vulnerability may affect service confidentiality. High HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2025-58303 UAF vulnerability in the screen recording framework module Successful exploitation of this vulnerability may affect availability. High HarmonyOS6.0.0, HarmonyOS5.1.0, HarmonyOS5.0.1
CVE-2025-58306 UAF vulnerability in the playback framework module Successful exploitation of this vulnerability may affect availability. High HarmonyOS6.0.0, HarmonyOS5.1.0, HarmonyOS5.0.1
CVE-2025-58316 DoS vulnerability in the video-related system service module Successful exploitation of this vulnerability may affect availability. High HarmonyOS6.0.0, HarmonyOS5.1.0, HarmonyOS5.0.1
CVE-2025-58304 Permission control vulnerability in the file management module Successful exploitation of this vulnerability may affect service confidentiality. Medium HarmonyOS6.0.0, HarmonyOS5.1.0, HarmonyOS5.0.1
CVE-2025-58305 Identity authentication bypass vulnerability in the Gallery app Successful exploitation of this vulnerability may affect service confidentiality. Medium HarmonyOS5.0.1
CVE-2025-58307 UAF vulnerability in the screen recording framework module Successful exploitation of this vulnerability may affect availability. Medium HarmonyOS6.0.0, HarmonyOS5.1.0, HarmonyOS5.0.1
CVE-2025-58308 Vulnerability of improper criterion security check in the call module Successful exploitation of this vulnerability may cause features to perform abnormally. Medium HarmonyOS6.0.0, HarmonyOS5.1.0, HarmonyOS5.0.1
CVE-2025-58309 Permission control vulnerability in the startup recovery module Successful exploitation of this vulnerability will affect availability and confidentiality. Medium HarmonyOS6.0.0, HarmonyOS5.1.0, HarmonyOS5.0.1
CVE-2025-58310 Permission control vulnerability in the distributed component Successful exploitation of this vulnerability may affect service confidentiality. Medium HarmonyOS6.0.0, HarmonyOS5.1.0, HarmonyOS5.0.1
CVE-2025-58311 UAF vulnerability in the USB driver module Successful exploitation of this vulnerability will affect availability and confidentiality. Medium HarmonyOS5.1.0, HarmonyOS5.0.1, HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0
CVE-2025-58312 Permission control vulnerability in the App Lock module Successful exploitation of this vulnerability may affect availability. Medium HarmonyOS6.0.0, HarmonyOS5.1.0, HarmonyOS5.0.1
CVE-2025-58314 Vulnerability of accessing invalid memory in the component driver module Successful exploitation of this vulnerability will affect availability and confidentiality. Medium HarmonyOS6.0.0, HarmonyOS5.1.0, HarmonyOS5.0.1, HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2025-58315 Permission control vulnerability in the Wi-Fi module Successful exploitation of this vulnerability may affect service confidentiality. Medium HarmonyOS6.0.0, HarmonyOS5.1.0, HarmonyOS5.0.1
CVE-2025-64311 Permission control vulnerability in the Notepad module Successful exploitation of this vulnerability may affect service confidentiality. Medium HarmonyOS6.0.0, HarmonyOS5.1.0, HarmonyOS5.0.1
CVE-2025-64312 Permission control vulnerability in the file management module Successful exploitation of this vulnerability may affect service confidentiality. Medium HarmonyOS6.0.0, HarmonyOS5.1.0, HarmonyOS5.0.1
CVE-2025-64313 Denial of service (DoS) vulnerability in the office service Successful exploitation of this vulnerability may affect availability. Medium HarmonyOS6.0.0, HarmonyOS5.1.0, HarmonyOS5.0.1
CVE-2025-58294 Permission control vulnerability in the print module Successful exploitation of this vulnerability may affect service confidentiality. Medium HarmonyOS6.0.0, HarmonyOS5.1.0, HarmonyOS5.0.1

This security update includes the following third-party library patches:

CVE Severity Affected Version
CVE-2025-0089 High HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2025-32325 High HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2025-48523 High HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2025-48529 High HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 13.0.0
CVE-2025-48534 High HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 13.0.0
CVE-2025-48542 High HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2025-48550 High HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2025-48561 High HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 13.0.0
CVE-2025-3212 High HarmonyOS4.2.0, EMUI 14.2.0
CVE-2025-48533 High HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 13.0.0
CVE-2024-43069 High HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2025-48563 High HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2025-38555 High HarmonyOS5.1.0, HarmonyOS5.0.1
CVE-2025-25277 Medium HarmonyOS5.1.0, HarmonyOS5.0.1
CVE-2025-38342 Medium HarmonyOS5.1.0, HarmonyOS5.0.1
CVE-2025-38668 Medium HarmonyOS6.0.0, HarmonyOS5.1.0, HarmonyOS5.0.1
CVE-2025-27809 Medium HarmonyOS5.1.0, HarmonyOS5.0.1
CVE-2025-38617 Low HarmonyOS6.0.0, HarmonyOS5.1.0, HarmonyOS5.0.1

Updated on: 2025-11-05

Leaving consumer.huawei.com
After clicking the link, you will enter a third-party website. Huawei is not responsible and has no control over this third party website.
Return Continue