August

We use cookies to improve our site and your experience. By continuing to browse our site you accept our cookie policy. Find out more

Security Bulletins for HUAWEI PCs, August 2025

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:

This security update includes the following HUAWEI patches:

CVE Vulnerability Description Impact Severity Affected Version
CVE-2025-54652 Path traversal vulnerability in the virtualization base module Successful exploitation of this vulnerability may affect the confidentiality of the virtualization module. High HarmonyOS5.0.1, HarmonyOS5.0.2
CVE-2025-54653 Path traversal vulnerability in the virtualization file module Successful exploitation of this vulnerability may affect the confidentiality of the virtualization file module. High HarmonyOS5.0.1, HarmonyOS5.0.2
CVE-2025-54655 Race condition vulnerability in the virtualization base module Successful exploitation of this vulnerability may affect the confidentiality and integrity of the virtualization graphics module. High HarmonyOS5.0.1, HarmonyOS5.0.2
CVE-2025-54607 Authentication management vulnerability in the ArkWeb module Successful exploitation of this vulnerability may affect service confidentiality. High HarmonyOS5.0.1, HarmonyOS5.0.2
CVE-2025-54622 Binding authentication bypass vulnerability in the devicemanager module Successful exploitation of this vulnerability may affect service confidentiality. High HarmonyOS5.0.1, HarmonyOS5.0.2
CVE-2025-54627 Out-of-bounds write vulnerability in the skia module Successful exploitation of this vulnerability may affect service confidentiality. High HarmonyOS5.0.1, HarmonyOS5.0.2
CVE-2025-54606 Status verification vulnerability in the lock screen module Successful exploitation of this vulnerability will affect availability and confidentiality. Medium HarmonyOS5.0.1, HarmonyOS5.0.2
CVE-2025-54614 Input verification vulnerability in the home screen module Successful exploitation of this vulnerability may affect availability. Medium HarmonyOS5.0.1, HarmonyOS5.0.2
CVE-2025-54615 Vulnerability of insufficient information protection in the media library module Successful exploitation of this vulnerability may affect service confidentiality. Medium HarmonyOS5.0.1, HarmonyOS5.0.2
CVE-2025-54618 Permission control vulnerability in the distributed clipboard module Successful exploitation of this vulnerability may affect service confidentiality. Medium HarmonyOS5.0.1, HarmonyOS5.0.2
CVE-2025-54619 Iterator failure issue in the multi-mode input module Successful exploitation of this vulnerability may cause iterator failures and affect availability. Medium HarmonyOS5.0.1, HarmonyOS5.0.2
CVE-2025-54620 Deserialization vulnerability of untrusted data in the ability module Successful exploitation of this vulnerability may affect availability. Medium HarmonyOS5.0.1, HarmonyOS5.0.2
CVE-2025-54623 Out-of-bounds read vulnerability in the devicemanager module Successful exploitation of this vulnerability may affect availability. Medium HarmonyOS5.0.1, HarmonyOS5.0.2
CVE-2025-54624 Unexpected injection event vulnerability in the multimodalinput module Successful exploitation of this vulnerability may affect availability. Medium HarmonyOS5.0.1, HarmonyOS5.0.2
CVE-2025-54625 Race condition vulnerability in the kernel file system module Successful exploitation of this vulnerability may affect availability. Medium HarmonyOS5.0.1, HarmonyOS5.0.2
CVE-2025-54631 Vulnerability of insufficient data length verification in the partition module Successful exploitation of this vulnerability may affect availability. Medium HarmonyOS5.0.1, HarmonyOS5.0.2
CVE-2025-54632 Vulnerability of insufficient data length verification in the HVB module Successful exploitation of this vulnerability may affect service integrity. Medium HarmonyOS5.0.1, HarmonyOS5.0.2
CVE-2025-54608 Vulnerability that allows setting screen rotation direction without permission verification in the screen management module Successful exploitation of this vulnerability may cause device screen orientation to be arbitrarily set. Medium HarmonyOS5.0.1, HarmonyOS5.0.2
CVE-2025-54639 ParcelMismatch vulnerability in attribute deserialization Successful exploitation of this vulnerability may cause playback control screen display exceptions. Medium HarmonyOS5.0.1, HarmonyOS5.0.2
CVE-2025-54640 ParcelMismatch vulnerability in attribute deserialization Successful exploitation of this vulnerability may cause playback control screen display exceptions. Medium HarmonyOS5.0.1, HarmonyOS5.0.2
CVE-2025-54645 Out-of-bounds array access issue due to insufficient data verification in the location service module Successful exploitation of this vulnerability may affect availability. Medium HarmonyOS5.0.1, HarmonyOS5.0.2
CVE-2025-54646 Vulnerability of inadequate packet length check in the BLE module Successful exploitation of this vulnerability may affect performance. Medium HarmonyOS5.0.1, HarmonyOS5.0.2
CVE-2025-54649 Vulnerability of using incompatible types to access resources in the location service Successful exploitation of this vulnerability may cause some location information attributes to be incorrect. Medium HarmonyOS5.0.1, HarmonyOS5.0.2
CVE-2025-54650 Improper array index verification vulnerability in the audio codec module Successful exploitation of this vulnerability may affect the audio decoding function. Medium HarmonyOS5.0.1, HarmonyOS5.0.2
CVE-2025-54609 Out-of-bounds access vulnerability in the audio codec module Successful exploitation of this vulnerability may affect availability. Medium HarmonyOS5.0.1, HarmonyOS5.0.2
CVE-2025-54610 Out-of-bounds access vulnerability in the audio codec module Successful exploitation of this vulnerability may affect availability. Medium HarmonyOS5.0.1, HarmonyOS5.0.2
CVE-2025-54651 Race condition vulnerability in the kernel hufs module Successful exploitation of this vulnerability may affect service confidentiality. Medium HarmonyOS5.0.1, HarmonyOS5.0.2

This security update includes the following third-party library patches:

CVE Severity Affected Version
CVE-2025-21760 High HarmonyOS5.0.1, HarmonyOS5.0.2
CVE-2025-23150 High HarmonyOS5.0.1, HarmonyOS5.0.2
CVE-2025-37738 High HarmonyOS5.0.1, HarmonyOS5.0.2
CVE-2024-56763 Medium HarmonyOS5.0.1, HarmonyOS5.0.2
CVE-2025-22005 Medium HarmonyOS5.0.1, HarmonyOS5.0.2
CVE-2025-37749 Medium HarmonyOS5.0.1, HarmonyOS5.0.2
CVE-2025-37785 Low HarmonyOS5.0.1, HarmonyOS5.0.2

Updated on: 2025-08-05

Leaving consumer.huawei.com
After clicking the link, you will enter a third-party website. Huawei is not responsible and has no control over this third party website.
Return Continue