Security Bulletins for HUAWEI Phones/Tablets, January 2026
HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:
This security update includes the following HUAWEI patches:
| CVE | Vulnerability Description | Impact | Severity | Affected Version |
|---|---|---|---|---|
| CVE-2025-68955 | Multi-thread race condition vulnerability in the card framework module | Successful exploitation of this vulnerability may affect availability. | High | HarmonyOS6.0.0 |
| CVE-2025-68956 | ||||
| CVE-2025-68957 | ||||
| CVE-2025-68958 | ||||
| CVE-2025-68960 | Multi-thread race condition vulnerability in the video framework module | Successful exploitation of this vulnerability may affect availability. | High | HarmonyOS5.0.1 |
| CVE-2025-68961 | Multi-thread race condition vulnerability in the camera framework module | Successful exploitation of this vulnerability may affect availability. | High | HarmonyOS6.0.0, HarmonyOS5.1.0, HarmonyOS5.0.1 |
| CVE-2025-68962 | Multi-thread race condition vulnerability in the camera framework module | Successful exploitation of this vulnerability may affect availability. | High | HarmonyOS5.0.1 |
| CVE-2025-68968 | Double free vulnerability in the multi-mode input module | Successful exploitation of this vulnerability may affect the input function. | High | HarmonyOS6.0.0 |
| CVE-2025-68969 | Multi-thread race condition vulnerability in the thermal management module | Successful exploitation of this vulnerability may affect availability. | High | HarmonyOS6.0.0, HarmonyOS5.1.0, HarmonyOS5.0.1 |
| CVE-2025-68963 | Man-in-the-middle attack vulnerability in the Clone module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS4.3.1, EMUI 15.0.0 |
| CVE-2025-68964 | Data verification vulnerability in the HiView module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS6.0.0, HarmonyOS5.1.0, HarmonyOS5.0.1 |
| CVE-2025-68965 | Permission control vulnerability in the Notepad module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS6.0.0, HarmonyOS5.1.0 |
| CVE-2025-68966 | ||||
| CVE-2025-68967 | Vulnerability of improper permission control in the print module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS6.0.0 |
| CVE-2025-68970 | Permission verification bypass vulnerability in the media library module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 13.0.0 |
| CVE-2025-68959 |
This security update includes the following third-party library patches:
| CVE | Severity | Affected Version |
|---|---|---|
| CVE-2025-48536 | High | HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 12.0.0 |
| CVE-2025-48564 | High | HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 12.0.0 |
| CVE-2025-48565 | High | HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 12.0.0 |
| CVE-2025-48566 | High | HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 12.0.0 |
| CVE-2025-48575 | High | HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0 |
| CVE-2025-48580 | High | HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 12.0.0 |
| CVE-2025-48588 | High | HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2025-48596 | High | HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 12.0.0 |
| CVE-2025-48599 | High | HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 12.0.0 |
| CVE-2025-48603 | High | HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 12.0.0 |
| CVE-2025-48607 | High | HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 12.0.0 |
| CVE-2025-48615 | High | HarmonyOS4.3.1, EMUI 15.0.0 |
| CVE-2025-48620 | High | HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2025-48628 | High | HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 12.0.0 |
| CVE-2025-48629 | High | HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2025-48633 | High | HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 12.0.0 |
| CVE-2024-49711 | High | HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 13.0.0 |
| CVE-2023-24023 | High | HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 12.0.0 |
| CVE-2025-0089 | High | HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2025-40035 | Medium | HarmonyOS6.0.0, HarmonyOS5.1.0, HarmonyOS5.0.1 |
| CVE-2025-40105 | Medium | HarmonyOS6.0.0, HarmonyOS5.1.0, HarmonyOS5.0.1 |
Updated on: 2026-01-07