Security Bulletins for HUAWEI Phones/Tablets, April 2025
HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:
This security update includes the following HUAWEI patches:
| CVE | Vulnerability Description | Impact | Severity | Affected Version |
|---|---|---|---|---|
| CVE-2025-31170 | Access control vulnerability in the security verification module | Successful exploitation of this vulnerability will affect integrity and confidentiality. | High | HarmonyOS5.0.0, HarmonyOS4.3.0, HarmonyOS4.0.0, EMUI 14.0.0 |
| CVE-2025-31172 | Memory write permission bypass vulnerability in the kernel futex module | Successful exploitation of this vulnerability may affect service confidentiality. | High | HarmonyOS5.0.0 |
| CVE-2025-31173 | Memory write permission bypass vulnerability in the kernel futex module | Successful exploitation of this vulnerability may affect service confidentiality. | High | HarmonyOS5.0.0 |
| CVE-2025-31175 | Deserialization mismatch vulnerability in the DSoftBus module | Successful exploitation of this vulnerability may affect service integrity. | High | HarmonyOS2.0.0, HarmonyOS2.1.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2024-58111 | Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework | Successful exploitation of this vulnerability may affect availability. | High | HarmonyOS5.0.0 |
| CVE-2024-58112 | Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework | Successful exploitation of this vulnerability may affect availability. | High | HarmonyOS5.0.0 |
| CVE-2024-58113 | Vulnerability of improper resource management in the memory management module | Successful exploitation of this vulnerability may affect availability. | High | HarmonyOS5.0.0 |
| CVE-2024-58115 | Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework | Successful exploitation of this vulnerability may affect availability. | High | HarmonyOS5.0.0 |
| CVE-2024-58116 | Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework | Successful exploitation of this vulnerability may affect availability. | High | HarmonyOS5.0.0 |
| CVE-2024-58124 | Access control vulnerability in the security verification module | Successful exploitation of this vulnerability will affect integrity and confidentiality. | High | HarmonyOS4.0.0, EMUI 14.0.0 |
| CVE-2024-58125 | Access control vulnerability in the security verification module | Successful exploitation of this vulnerability will affect integrity and confidentiality. | High | HarmonyOS4.3.0, HarmonyOS4.0.0, EMUI 14.0.0 |
| CVE-2024-58126 | Access control vulnerability in the security verification module | Successful exploitation of this vulnerability will affect integrity and confidentiality. | High | HarmonyOS4.3.0, HarmonyOS4.0.0, EMUI 14.0.0 |
| CVE-2024-58127 | Access control vulnerability in the security verification module | Successful exploitation of this vulnerability will affect integrity and confidentiality. | High | HarmonyOS4.3.0, HarmonyOS4.0.0, EMUI 14.0.0 |
| CVE-2024-58106 | Buffer overflow vulnerability in the codec module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.0 |
| CVE-2024-58107 | Buffer overflow vulnerability in the codec module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.0 |
| CVE-2024-58108 | Buffer overflow vulnerability in the codec module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.0 |
| CVE-2024-58109 | Buffer overflow vulnerability in the codec module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.0 |
| CVE-2024-58110 | Buffer overflow vulnerability in the codec module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.0 |
| CVE-2025-31174 | Path traversal vulnerability in the DFS module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS5.0.0 |
This security update includes the following third-party library patches:
| CVE | Severity | Affected Version |
|---|---|---|
| CVE-2025-0081 | Critical | HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2025-0086 | High | HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2025-0078 | High | HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0 |
| CVE-2024-53014 | High | HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2024-49836 | High | HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0 |
| CVE-2024-53024 | High | HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2024-49838 | High | HarmonyOS4.0.0, HarmonyOS3.1.0, EMUI 14.0.0, EMUI 13.0.0 |
| CVE-2024-49746 | High | HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2024-49738 | High | HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2024-49745 | High | HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2023-52501 | High | HarmonyOS5.0.0 |
| CVE-2024-56600 | High | HarmonyOS5.0.0 |
| CVE-2024-56601 | High | HarmonyOS5.0.0 |
| CVE-2024-56606 | High | HarmonyOS5.0.0 |
| CVE-2024-26878 | Medium | HarmonyOS5.0.0 |
| CVE-2024-27047 | Medium | HarmonyOS5.0.0 |
| CVE-2024-41055 | Medium | HarmonyOS5.0.0 |
| CVE-2024-47668 | Medium | HarmonyOS5.0.0 |
| CVE-2024-57874 | Medium | HarmonyOS5.0.0 |
| CVE-2024-13176 | Medium | HarmonyOS5.0.0 |
| CVE-2024-46826 | Medium | HarmonyOS5.0.0 |
| CVE-2025-20102 | Low | HarmonyOS5.0.0 |
| CVE-2025-22452 | Low | HarmonyOS5.0.0 |
| CVE-2025-22842 | Low | HarmonyOS5.0.0 |
| CVE-2025-24304 | Low | HarmonyOS5.0.0 |
| CVE-2025-27534 | Low | HarmonyOS5.0.0 |
| CVE-2024-56644 | Low | HarmonyOS5.0.0 |
Updated on: 2025-04-05
- en