Security Bulletins for HUAWEI PCs, October 2025
HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:
This security update includes the following HUAWEI patches:
| CVE | Vulnerability Description | Impact | Severity | Affected Version |
|---|---|---|---|---|
| CVE-2025-58287 | Use After Free (UAF) vulnerability in the office service | Successful exploitation of this vulnerability may affect service confidentiality. | High | HarmonyOS5.0.1, HarmonyOS5.0.2 |
| CVE-2025-58288 | Denial of service (DoS) vulnerability in the office service | Successful exploitation of this vulnerability may affect availability. | High | HarmonyOS5.0.1, HarmonyOS5.0.2 |
| CVE-2025-58298 | Data processing error vulnerability in the package management module | Successful exploitation of this vulnerability may affect availability. | High | HarmonyOS5.0.1, HarmonyOS5.0.2 |
| CVE-2025-58300 | Buffer overflow vulnerability in the device management module | Successful exploitation of this vulnerability may affect availability. | High | HarmonyOS5.0.1, HarmonyOS5.0.2 |
| CVE-2025-58301 | Buffer overflow vulnerability in the device management module | Successful exploitation of this vulnerability may affect availability. | High | HarmonyOS5.0.1, HarmonyOS5.0.2 |
| CVE-2025-54654 | Permission control vulnerability in the Gallery module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS5.0.1, HarmonyOS5.0.2 |
| CVE-2025-58283 | Permission control vulnerability in the Wi-Fi module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS5.0.1, HarmonyOS5.0.2 |
| CVE-2025-58284 | Permission control vulnerability in the network module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS5.0.1, HarmonyOS5.0.2 |
| CVE-2025-58285 | Permission control vulnerability in the media module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS5.0.1, HarmonyOS5.0.2 |
| CVE-2025-58286 | Denial of service (DoS) vulnerability in the office service | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.1, HarmonyOS5.0.2 |
| CVE-2025-58290 | ||||
| CVE-2025-58291 | ||||
| CVE-2025-58292 | ||||
| CVE-2025-58295 | Buffer overflow vulnerability in the development framework module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.1, HarmonyOS5.0.2 |
| CVE-2025-58297 | Buffer overflow vulnerability in the sensor service | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.1, HarmonyOS5.0.2 |
| CVE-2025-58299 | Use After Free (UAF) vulnerability in the storage management module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.1, HarmonyOS5.0.2 |
| CVE-2025-58289 | Vulnerability of improper exception handling in the print module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.1, HarmonyOS5.0.2 |
| CVE-2025-58293 | Vulnerability of improper exception handling in the print module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.1, HarmonyOS5.0.2 |
This security update includes the following third-party library patches:
| CVE | Severity | Affected Version |
|---|---|---|
| CVE-2025-38494 | High | HarmonyOS5.0.1, HarmonyOS5.0.2 |
| CVE-2025-38495 | High | HarmonyOS5.0.1, HarmonyOS5.0.2 |
| CVE-2025-41432 | Medium | HarmonyOS5.0.1, HarmonyOS5.0.2 |
| CVE-2025-52458 | Medium | HarmonyOS5.0.1, HarmonyOS5.0.2 |
Updated on: 2025-10-09