Security Bulletins for HUAWEI Phones/Tablets, June 2025
HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:
This security update includes the following HUAWEI patches:
| CVE | Vulnerability Description | Impact | Severity | Affected Version |
|---|---|---|---|---|
| CVE-2025-48902 | Vulnerability of uncontrolled system resource applications in the setting module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2025-48903 | Permission bypass vulnerability in the media library module | Successful exploitation of this vulnerability may affect availability. | High | HarmonyOS5.0.0 |
| CVE-2025-48904 | Vulnerability that cards can call unauthorized APIs in the FRS process | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.0 |
| CVE-2025-48905 | Wasm exception capture vulnerability in the arkweb v8 module | Successful exploitation of this vulnerability may cause the failure to capture specific Wasm exception types. | High | HarmonyOS5.0.0 |
| CVE-2025-48906 | Authentication bypass vulnerability in the DSoftBus module | Successful exploitation of this vulnerability may affect availability. | High | HarmonyOS5.0.0 |
| CVE-2025-48907 | Deserialization vulnerability in the IPC module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.0 |
| CVE-2024-58114 | Resource allocation control failure vulnerability in the ArkUI framework | Successful exploitation of this vulnerability may affect availability. | High | HarmonyOS5.0.0 |
| CVE-2025-31171 | File read permission bypass vulnerability in the kernel file system module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS5.0.0 |
| CVE-2025-48909 | Bypass vulnerability in the device management channel | Successful exploitation of this vulnerability may affect service confidentiality. | High | HarmonyOS5.0.0 |
| CVE-2025-48910 | Buffer overflow vulnerability in the DFile module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.0, HarmonyOS4.3.0 |
| CVE-2025-48911 | Vulnerability of improper permission assignment in the note sharing module | Successful exploitation of this vulnerability may affect availability. | High | HarmonyOS5.0.0 |
This security update includes the following third-party library patches:
| CVE | Severity | Affected Version |
|---|---|---|
| CVE-2025-26426 | High | HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2025-26428 | High | HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2025-26436 | High | HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0 |
| CVE-2025-26442 | High | HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2025-27363 | High | HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2025-21467 | High | HarmonyOS4.3.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0 |
| CVE-2025-21468 | High | HarmonyOS4.3.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0 |
| CVE-2025-21453 | High | HarmonyOS4.3.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0 |
| CVE-2025-22419 | High | HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2025-22421 | High | HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2024-34719 | High | HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0 |
| CVE-2025-22435 | High | HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2025-26691 | Medium | HarmonyOS5.0.0 |
| CVE-2025-27247 | Medium | HarmonyOS5.0.0 |
| CVE-2024-57884 | Medium | HarmonyOS5.0.0 |
| CVE-2024-58017 | Medium | HarmonyOS5.0.0 |
| CVE-2025-21683 | Medium | HarmonyOS5.0.0 |
| CVE-2025-23235 | Low | HarmonyOS5.0.0 |
| CVE-2025-21082 | Low | HarmonyOS5.0.0 |
| CVE-2025-26693 | Low | HarmonyOS5.0.0 |
| CVE-2025-27242 | Low | HarmonyOS5.0.0 |
| CVE-2025-20063 | Low | HarmonyOS5.0.0 |
| CVE-2025-25217 | Low | HarmonyOS5.0.0 |
Updated on: 2025-06-05
- en