June

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:

This security update includes the following HUAWEI patches:

CVE Vulnerability Description Impact Severity Affected Version
CVE-2025-48902 Vulnerability of uncontrolled system resource applications in the setting module Successful exploitation of this vulnerability may affect availability. Medium HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2025-48903 Permission bypass vulnerability in the media library module Successful exploitation of this vulnerability may affect availability. High HarmonyOS5.0.0
CVE-2025-48904 Vulnerability that cards can call unauthorized APIs in the FRS process Successful exploitation of this vulnerability may affect availability. Medium HarmonyOS5.0.0
CVE-2025-48905 Wasm exception capture vulnerability in the arkweb v8 module Successful exploitation of this vulnerability may cause the failure to capture specific Wasm exception types. High HarmonyOS5.0.0
CVE-2025-48906 Authentication bypass vulnerability in the DSoftBus module Successful exploitation of this vulnerability may affect availability. High HarmonyOS5.0.0
CVE-2025-48907 Deserialization vulnerability in the IPC module Successful exploitation of this vulnerability may affect availability. Medium HarmonyOS5.0.0
CVE-2024-58114 Resource allocation control failure vulnerability in the ArkUI framework Successful exploitation of this vulnerability may affect availability. High HarmonyOS5.0.0
CVE-2025-31171 File read permission bypass vulnerability in the kernel file system module Successful exploitation of this vulnerability may affect service confidentiality. Medium HarmonyOS5.0.0
CVE-2025-48909 Bypass vulnerability in the device management channel Successful exploitation of this vulnerability may affect service confidentiality. High HarmonyOS5.0.0
CVE-2025-48910 Buffer overflow vulnerability in the DFile module Successful exploitation of this vulnerability may affect availability. Medium HarmonyOS5.0.0, HarmonyOS4.3.0
CVE-2025-48911 Vulnerability of improper permission assignment in the note sharing module Successful exploitation of this vulnerability may affect availability. High HarmonyOS5.0.0

This security update includes the following third-party library patches:

CVE Severity Affected Version
CVE-2025-26426 High HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2025-26428 High HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2025-26436 High HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0
CVE-2025-26442 High HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2025-27363 High HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2025-21467 High HarmonyOS4.3.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0
CVE-2025-21468 High HarmonyOS4.3.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0
CVE-2025-21453 High HarmonyOS4.3.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0
CVE-2025-22419 High HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2025-22421 High HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2024-34719 High HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0
CVE-2025-22435 High HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2025-26691 Medium HarmonyOS5.0.0
CVE-2025-27247 Medium HarmonyOS5.0.0
CVE-2024-57884 Medium HarmonyOS5.0.0
CVE-2024-58017 Medium HarmonyOS5.0.0
CVE-2025-21683 Medium HarmonyOS5.0.0
CVE-2025-23235 Low HarmonyOS5.0.0
CVE-2025-21082 Low HarmonyOS5.0.0
CVE-2025-26693 Low HarmonyOS5.0.0
CVE-2025-27242 Low HarmonyOS5.0.0
CVE-2025-20063 Low HarmonyOS5.0.0
CVE-2025-25217 Low HarmonyOS5.0.0

Updated on: 2025-06-05

Leaving consumer.huawei.com
After clicking the link, you will enter a third-party website. Huawei is not responsible and has no control over this third party website.
Return Continue