Security Bulletins for HUAWEI PCs, June 2025
HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:
This security update includes the following HUAWEI patches:
| CVE | Vulnerability Description | Impact | Severity | Affected Version |
|---|---|---|---|---|
| CVE-2024-58114 | Resource allocation control failure vulnerability in the ArkUI framework | Successful exploitation of this vulnerability may affect availability. | High | HarmonyOS5.0.1, HarmonyOS5.0.2 |
| CVE-2025-48904 | Vulnerability that cards can call unauthorized APIs in the FRS process | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.1, HarmonyOS5.0.2 |
| CVE-2025-48905 | Wasm exception capture vulnerability in the arkweb v8 module | Successful exploitation of this vulnerability may cause the failure to capture specific Wasm exception types. | High | HarmonyOS5.0.1, HarmonyOS5.0.2 |
| CVE-2025-48907 | Deserialization vulnerability in the IPC module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.1, HarmonyOS5.0.2 |
| CVE-2025-31171 | File read permission bypass vulnerability in the kernel file system module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS5.0.1, HarmonyOS5.0.2 |
| CVE-2025-48911 | Vulnerability of improper permission assignment in the note sharing module | Successful exploitation of this vulnerability may affect availability. | High | HarmonyOS5.0.1, HarmonyOS5.0.2 |
| CVE-2025-48908 | Ability Auto Startup service vulnerability in the foundation process | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.2 |
| CVE-2025-48910 | Buffer overflow vulnerability in the DFile module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.1, HarmonyOS5.0.2 |
This security update includes the following third-party library patches:
| CVE | Severity | Affected Version |
|---|---|---|
| CVE-2025-26691 | Medium | HarmonyOS5.0.1, HarmonyOS5.0.2 |
| CVE-2025-27247 | Medium | HarmonyOS5.0.1, HarmonyOS5.0.2 |
| CVE-2024-57884 | Medium | HarmonyOS5.0.1, HarmonyOS5.0.2 |
| CVE-2024-58017 | Medium | HarmonyOS5.0.1, HarmonyOS5.0.2 |
| CVE-2025-21683 | Medium | HarmonyOS5.0.1, HarmonyOS5.0.2 |
| CVE-2025-23235 | Low | HarmonyOS5.0.1, HarmonyOS5.0.2 |
| CVE-2025-21082 | Low | HarmonyOS5.0.1, HarmonyOS5.0.2 |
| CVE-2025-26693 | Low | HarmonyOS5.0.1, HarmonyOS5.0.2 |
| CVE-2025-27242 | Low | HarmonyOS5.0.1, HarmonyOS5.0.2 |
| CVE-2025-20063 | Low | HarmonyOS5.0.1, HarmonyOS5.0.2 |
| CVE-2025-25217 | Low | HarmonyOS5.0.1, HarmonyOS5.0.2 |
Updated on: 2025-06-05