August

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches.

This security update includes the following HUAWEI patches:

| CVE | Vulnerability Description | Impact | Severity | Affected Version |
|---|---|---|---|---|
| CVE-2025-54607 | Authentication management vulnerability in the ArkWeb module | Successful exploitation of this vulnerability may affect service confidentiality. | High | HarmonyOS5.1.0, HarmonyOS5.0.1 |
| CVE-2025-54611 | EXTRA_REFERRER resource read vulnerability in the Gallery module | Successful exploitation of this vulnerability may affect service confidentiality. | High | HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2025-54622 | Binding authentication bypass vulnerability in the devicemanager module | Successful exploitation of this vulnerability may affect service confidentiality. | High | HarmonyOS5.1.0, HarmonyOS5.0.1 |
| CVE-2025-54627 | Out-of-bounds write vulnerability in the skia module | Successful exploitation of this vulnerability may affect service confidentiality. | High | HarmonyOS5.1.0, HarmonyOS5.0.1 |
| CVE-2025-54634 | Vulnerability of improper processing of abnormal conditions in huge page separation | Successful exploitation of this vulnerability may affect availability. | High | HarmonyOS5.1.0, HarmonyOS5.0.1 |
| CVE-2025-54606 | Status verification vulnerability in the lock screen module | Successful exploitation of this vulnerability will affect availability and confidentiality. | Medium | HarmonyOS5.0.1 |
| CVE-2025-54608 | Vulnerability that allows setting screen rotation direction without permission verification in the screen management module | Successful exploitation of this vulnerability may cause device screen orientation to be arbitrarily set. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
| CVE-2025-54609 | Out-of-bounds access vulnerability in the audio codec module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
| CVE-2025-54610 | Out-of-bounds access vulnerability in the audio codec module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
| CVE-2025-54612 | Iterator failure vulnerability in the card management module | Successful exploitation of this vulnerability may affect function stability. | Medium | HarmonyOS5.1.0 |
| CVE-2025-54613 | Iterator failure vulnerability in the card management module | Successful exploitation of this vulnerability may affect function stability. | Medium | HarmonyOS5.1.0 |
| CVE-2025-54614 | Input verification vulnerability in the home screen module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
| CVE-2025-54615 | Vulnerability of insufficient information protection in the media library module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
| CVE-2025-54616 | Out-of-bounds array access vulnerability in the ArkUI framework | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.1.0 |
| CVE-2025-54617 | Stack-based buffer overflow vulnerability in the dms_fwk module | Successful exploitation of this vulnerability can cause RCE. | Medium | HarmonyOS5.1.0 |
| CVE-2025-54618 | Permission control vulnerability in the distributed clipboard module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
| CVE-2025-54619 | Iterator failure issue in the multi-mode input module | Successful exploitation of this vulnerability may cause iterator failures and affect availability. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
| CVE-2025-54620 | Deserialization vulnerability of untrusted data in the ability module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
| CVE-2025-54621 | Iterator failure issue in the WantAgent module | Successful exploitation of this vulnerability may cause memory release failures. | Medium | HarmonyOS5.1.0 |
| CVE-2025-54623 | Out-of-bounds read vulnerability in the devicemanager module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
| CVE-2025-54624 | Unexpected injection event vulnerability in the multimodalinput module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
| CVE-2025-54625 | Race condition vulnerability in the kernel file system module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
| CVE-2025-54626 | Pointer dangling vulnerability in the cjwindow module | Successful exploitation of this vulnerability may affect function stability. | Medium | HarmonyOS5.1.0 |
| CVE-2025-54628 | Vulnerability of incomplete verification information in the communication module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1, HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, EMUI 15.0.0, EMUI 14.0.0 |
| CVE-2025-54629 | Race condition issue occurring in the physical page import process of the memory management module | Successful exploitation of this vulnerability may affect service integrity. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1, HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, EMUI 15.0.0, EMUI 14.0.0 |
| CVE-2025-54630 | Vulnerability of insufficient data length verification in the DFA module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.1, HarmonyOS4.3.0 |
| CVE-2025-54631 | Vulnerability of insufficient data length verification in the partition module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1, HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, EMUI 15.0.0, EMUI 14.0.0 |
| CVE-2025-54632 | Vulnerability of insufficient data length verification in the HVB module | Successful exploitation of this vulnerability may affect service integrity. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1, HarmonyOS4.3.1, EMUI 15.0.0 |
| CVE-2025-54633 | Out-of-bounds read vulnerability in the register configuration of the DMA module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
| CVE-2025-54635 | Vulnerability of returning released pointers in the distributed notification service | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.1.0 |
| CVE-2025-54636 | Issue of buffer overflow caused by insufficient data verification in the kernel drop detection module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0 |
| CVE-2025-54637 | Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0 |
| CVE-2025-54638 | Issue of inconsistent read/write serialization in the ad module | Successful exploitation of this vulnerability may affect the availability of the ad service. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
| CVE-2025-54639 | ParcelMismatch vulnerability in attribute deserialization | Successful exploitation of this vulnerability may cause playback control screen display exceptions. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
| CVE-2025-54640 | ParcelMismatch vulnerability in attribute deserialization | Successful exploitation of this vulnerability may cause playback control screen display exceptions. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
| CVE-2025-54641 | Issue of buffer overflow caused by insufficient data verification in the kernel acceleration module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0 |
| CVE-2025-54642 | Issue of buffer overflow caused by insufficient data verification in the kernel gyroscope module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0 |
| CVE-2025-54643 | Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS4.0.0, HarmonyOS3.1.0, EMUI 14.0.0, EMUI 13.0.0 |
| CVE-2025-54644 | Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0 |
| CVE-2025-54645 | Out-of-bounds array access issue due to insufficient data verification in the location service module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
| CVE-2025-54646 | Vulnerability of inadequate packet length check in the BLE module | Successful exploitation of this vulnerability may affect performance. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2025-54647 | Out-of-bounds read vulnerability in the SSAP module of the NearLink protocol stack | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.1.0 |
| CVE-2025-54648 | Out-of-bounds read vulnerability in the SSAP module of the NearLink protocol stack | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.1.0 |
| CVE-2025-54649 | Vulnerability of using incompatible types to access resources in the location service | Successful exploitation of this vulnerability may cause some location information attributes to be incorrect. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
| CVE-2025-54650 | Improper array index verification vulnerability in the audio codec module | Successful exploitation of this vulnerability may affect the audio decoding function. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
| CVE-2025-54651 | Race condition vulnerability in the kernel hufs module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |

This security update includes the following third-party library patches:

| CVE | Severity | Affected Version |
|---|---|---|
| CVE-2025-26449 | High | HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2025-26462 | High | HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2025-26443 | High | HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2025-26453 | High | HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2025-21760 | High | HarmonyOS5.1.0, HarmonyOS5.0.1 |
| CVE-2025-23150 | High | HarmonyOS5.1.0, HarmonyOS5.0.1 |
| CVE-2025-37738 | High | HarmonyOS5.1.0, HarmonyOS5.0.1 |
| CVE-2025-26441 | High | HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2024-56763 | Medium | HarmonyOS5.0.1 |
| CVE-2025-22005 | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
| CVE-2025-37749 | Medium | HarmonyOS5.1.0, HarmonyOS5.0.1 |
| CVE-2025-37785 | Low | HarmonyOS5.1.0, HarmonyOS5.0.1 |

Updated on: 2025-08-05
