Security Bulletins for HUAWEI Phones/Tablets, August 2025
HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches.
This security update includes the following HUAWEI patches:
CVE | Vulnerability Description | Impact | Severity | Affected Version |
---|---|---|---|---|
CVE-2025-54607 | Authentication management vulnerability in the ArkWeb module | Successful exploitation of this vulnerability may affect service confidentiality. | High | HarmonyOS5.1.0, HarmonyOS5.0.1 |
CVE-2025-54611 | EXTRA_REFERRER resource read vulnerability in the Gallery module | Successful exploitation of this vulnerability may affect service confidentiality. | High | HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2025-54622 | Binding authentication bypass vulnerability in the devicemanager module | Successful exploitation of this vulnerability may affect service confidentiality. | High | HarmonyOS5.1.0, HarmonyOS5.0.1 |
CVE-2025-54627 | Out-of-bounds write vulnerability in the skia module | Successful exploitation of this vulnerability may affect service confidentiality. | High | HarmonyOS5.1.0, HarmonyOS5.0.1 |
CVE-2025-54634 | Vulnerability of improper processing of abnormal conditions in huge page separation | Successful exploitation of this vulnerability may affect availability. | High | HarmonyOS5.1.0, HarmonyOS5.0.1 |
CVE-2025-54606 | Status verification vulnerability in the lock screen module | Successful exploitation of this vulnerability will affect availability and confidentiality. | Medium | HarmonyOS5.0.1 |
CVE-2025-54608 | Vulnerability that allows setting screen rotation direction without permission verification in the screen management module | Successful exploitation of this vulnerability may cause device screen orientation to be arbitrarily set. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
CVE-2025-54609 | Out-of-bounds access vulnerability in the audio codec module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
CVE-2025-54610 | Out-of-bounds access vulnerability in the audio codec module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
CVE-2025-54612 | Iterator failure vulnerability in the card management module | Successful exploitation of this vulnerability may affect function stability. | Medium | HarmonyOS5.1.0 |
CVE-2025-54613 | Iterator failure vulnerability in the card management module | Successful exploitation of this vulnerability may affect function stability. | Medium | HarmonyOS5.1.0 |
CVE-2025-54614 | Input verification vulnerability in the home screen module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
CVE-2025-54615 | Vulnerability of insufficient information protection in the media library module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
CVE-2025-54616 | Out-of-bounds array access vulnerability in the ArkUI framework | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.1.0 |
CVE-2025-54617 | Stack-based buffer overflow vulnerability in the dms_fwk module | Successful exploitation of this vulnerability can cause RCE. | Medium | HarmonyOS5.1.0 |
CVE-2025-54618 | Permission control vulnerability in the distributed clipboard module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
CVE-2025-54619 | Iterator failure issue in the multi-mode input module | Successful exploitation of this vulnerability may cause iterator failures and affect availability. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
CVE-2025-54620 | Deserialization vulnerability of untrusted data in the ability module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
CVE-2025-54621 | Iterator failure issue in the WantAgent module | Successful exploitation of this vulnerability may cause memory release failures. | Medium | HarmonyOS5.1.0 |
CVE-2025-54623 | Out-of-bounds read vulnerability in the devicemanager module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
CVE-2025-54624 | Unexpected injection event vulnerability in the multimodalinput module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
CVE-2025-54625 | Race condition vulnerability in the kernel file system module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
CVE-2025-54626 | Pointer dangling vulnerability in the cjwindow module | Successful exploitation of this vulnerability may affect function stability. | Medium | HarmonyOS5.1.0 |
CVE-2025-54628 | Vulnerability of incomplete verification information in the communication module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1, HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, EMUI 15.0.0, EMUI 14.0.0 |
CVE-2025-54629 | Race condition issue occurring in the physical page import process of the memory management module | Successful exploitation of this vulnerability may affect service integrity. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1, HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, EMUI 15.0.0, EMUI 14.0.0 |
CVE-2025-54630 | Vulnerability of insufficient data length verification in the DFA module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.1, HarmonyOS4.3.0 |
CVE-2025-54631 | Vulnerability of insufficient data length verification in the partition module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1, HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, EMUI 15.0.0, EMUI 14.0.0 |
CVE-2025-54632 | Vulnerability of insufficient data length verification in the HVB module | Successful exploitation of this vulnerability may affect service integrity. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1, HarmonyOS4.3.1, EMUI 15.0.0 |
CVE-2025-54633 | Out-of-bounds read vulnerability in the register configuration of the DMA module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
CVE-2025-54635 | Vulnerability of returning released pointers in the distributed notification service | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.1.0 |
CVE-2025-54636 | Issue of buffer overflow caused by insufficient data verification in the kernel drop detection module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0 |
CVE-2025-54637 | Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0 |
CVE-2025-54638 | Issue of inconsistent read/write serialization in the ad module | Successful exploitation of this vulnerability may affect the availability of the ad service. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
CVE-2025-54639 | ParcelMismatch vulnerability in attribute deserialization | Successful exploitation of this vulnerability may cause playback control screen display exceptions. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
CVE-2025-54640 | ParcelMismatch vulnerability in attribute deserialization | Successful exploitation of this vulnerability may cause playback control screen display exceptions. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
CVE-2025-54641 | Issue of buffer overflow caused by insufficient data verification in the kernel acceleration module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0 |
CVE-2025-54642 | Issue of buffer overflow caused by insufficient data verification in the kernel gyroscope module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0 |
CVE-2025-54643 | Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS4.0.0, HarmonyOS3.1.0, EMUI 14.0.0, EMUI 13.0.0 |
CVE-2025-54644 | Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0 |
CVE-2025-54645 | Out-of-bounds array access issue due to insufficient data verification in the location service module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
CVE-2025-54646 | Vulnerability of inadequate packet length check in the BLE module | Successful exploitation of this vulnerability may affect performance. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2025-54647 | Out-of-bounds read vulnerability in the SSAP module of the NearLink protocol stack | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.1.0 |
CVE-2025-54648 | Out-of-bounds read vulnerability in the SSAP module of the NearLink protocol stack | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.1.0 |
CVE-2025-54649 | Vulnerability of using incompatible types to access resources in the location service | Successful exploitation of this vulnerability may cause some location information attributes to be incorrect. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
CVE-2025-54650 | Improper array index verification vulnerability in the audio codec module | Successful exploitation of this vulnerability may affect the audio decoding function. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
CVE-2025-54651 | Race condition vulnerability in the kernel hufs module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
This security update includes the following third-party library patches:
CVE | Severity | Affected Version |
---|---|---|
CVE-2025-26449 | High | HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2025-26462 | High | HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2025-26443 | High | HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2025-26453 | High | HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2025-21760 | High | HarmonyOS5.1.0, HarmonyOS5.0.1 |
CVE-2025-23150 | High | HarmonyOS5.1.0, HarmonyOS5.0.1 |
CVE-2025-37738 | High | HarmonyOS5.1.0, HarmonyOS5.0.1 |
CVE-2025-26441 | High | HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2024-56763 | Medium | HarmonyOS5.0.1 |
CVE-2025-22005 | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
CVE-2025-37749 | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
CVE-2025-37785 | Low | HarmonyOS5.1.0, HarmonyOS5.0.1 |
Updated on: 2025-08-05