Security Bulletins for HUAWEI Phones/Tablets, May 2025
HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:
This security update includes the following HUAWEI patches:
CVE | Vulnerability Description | Impact | Severity | Affected Version |
---|---|---|---|---|
CVE-2025-46584 | Vulnerability of improper authentication logic implementation in the file system module | Successful exploitation of this vulnerability may affect service confidentiality. | High | HarmonyOS5.0.0 |
CVE-2025-46585 | Out-of-bounds array read/write vulnerability in the kernel module | Successful exploitation of this vulnerability may affect availability. | High | HarmonyOS5.0.0 |
CVE-2025-46586 | Permission control vulnerability in the contacts module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.0 |
CVE-2025-46587 | Permission control vulnerability in the media library module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS5.0.0 |
CVE-2024-58252 | Vulnerability of insufficient information protection in the media library module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS5.0.0 |
CVE-2025-46588 | Vulnerability of unauthorized access in the app lock module | Successful exploitation of this vulnerability will affect integrity and confidentiality. | Medium | HarmonyOS5.0.0 |
CVE-2025-46589 | Vulnerability of unauthorized access in the app lock module | Successful exploitation of this vulnerability will affect integrity and confidentiality. | Medium | HarmonyOS5.0.0 |
CVE-2025-46590 | Bypass vulnerability in the network search instruction authentication module | Successful exploitation of this vulnerability can bypass authentication and enable access to some network search functions. | Medium | HarmonyOS5.0.0 |
CVE-2025-46591 | Out-of-bounds data read vulnerability in the authorization module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS5.0.0 |
CVE-2025-46592 | Null pointer dereference vulnerability in the USB HDI driver module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.0 |
CVE-2025-46593 | Process residence vulnerability in abnormal scenarios in the print module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.0 |
This security update includes the following third-party library patches:
CVE | Severity | Affected Version |
---|---|---|
CVE-2025-22423 | Critical | HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2025-26416 | Critical | HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2025-0084 | Critical | HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2024-49730 | High | HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0 |
CVE-2025-22416 | High | HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0 |
CVE-2025-22422 | High | HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0 |
CVE-2025-22427 | High | HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2025-22428 | High | HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2025-22433 | High | HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2025-22438 | High | HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0 |
CVE-2025-22439 | High | HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0 |
CVE-2024-43066 | High | HarmonyOS4.3.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2024-50264 | High | HarmonyOS4.3.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0 |
CVE-2024-53150 | High | HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2024-53197 | High | HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2025-21429 | High | HarmonyOS4.3.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2025-21430 | High | HarmonyOS4.3.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2025-21435 | High | HarmonyOS4.3.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2025-0082 | High | HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2025-0083 | High | HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2025-26417 | High | HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2025-0079 | High | HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0 |
CVE-2023-21125 | High | HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2025-27248 | Low | HarmonyOS5.0.0 |
CVE-2025-25052 | Low | HarmonyOS5.0.0 |
CVE-2025-27132 | Low | HarmonyOS5.0.0 |
CVE-2025-22886 | Low | HarmonyOS5.0.0 |
CVE-2025-27241 | Low | HarmonyOS5.0.0 |
CVE-2025-25218 | Low | HarmonyOS5.0.0 |
Updated on: 2025-05-05
- en