Emui Huawei Emui

  1. Vendors
  2. Huawei
  3. Emui

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Huawei Emui.

By the Year

In 2026 there have been 12 vulnerabilities in Huawei Emui with an average score of 6.3 out of ten. Last year, in 2025 Emui had 40 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Emui in 2026 could surpass last years number. Last year, the average CVE base score was greater by 0.67




Year Vulnerabilities Average Score
2026 12 6.31
2025 40 6.98
2024 142 6.52
2023 224 7.43
2022 237 7.56
2021 140 7.65

It may take a day or so for new Emui vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Huawei Emui Security Vulnerabilities

Huawei HarmonyOS SysService Framework Permission Bypass
CVE-2026-28542 7.3 - High - March 05, 2026

Permission bypass vulnerability in the system service framework. Impact: Successful exploitation of this vulnerability may affect availability.

Improper Handling of Exceptional Conditions

Huawei Email App Improper Verification may Expose Service Confidential
CVE-2026-28548 7.1 - High - March 05, 2026

Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Improper Privilege Management

Huawei IMS Module OOB Write Availability Impact
CVE-2026-28552 6.5 - Medium - March 05, 2026

Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect availability.

Data Processing Errors

OOB Write in File System Module CVE-2026-24928
CVE-2026-24928 5.8 - Medium - February 06, 2026

Out-of-bounds write vulnerability in the file system module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Integer Overflow to Buffer Overflow

CVE-2026-24927: OOB Access in FM Mod Module Availability Risk
CVE-2026-24927 5.5 - Medium - February 06, 2026

Out-of-bounds access vulnerability in the frequency modulation module. Impact: Successful exploitation of this vulnerability may affect availability.

Dangling pointer

Permission Control Vulnerability in AMS Module
CVE-2026-24920 6.2 - Medium - February 06, 2026

Permission control vulnerability in the AMS module. Impact: Successful exploitation of this vulnerability may affect availability.

Permissions, Privileges, and Access Controls

DFX Module OOB Write Vulnerability
CVE-2026-24919 6 - Medium - February 06, 2026

Out-of-bounds write vulnerability in the DFX module. Impact: Successful exploitation of this vulnerability may affect availability.

Memory Corruption

UAF in Security Module via CVE-2026-24917
CVE-2026-24917 6.5 - Medium - February 06, 2026

UAF vulnerability in the security module. Impact: Successful exploitation of this vulnerability may affect availability.

Dangling pointer

AR CVE-2026-24918: Address Read Vulnerability in Comm Module
CVE-2026-24918 6.8 - Medium - February 06, 2026

Address read vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability.

NULL Pointer Dereference

Huawei MediaLib: Permission Bypass in Media Library Module
CVE-2025-68959 6.2 - Medium - January 14, 2026

Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Information Disclosure

Huawei Media Library Module Permission Bypass (CVE-2025-68970)
CVE-2025-68970 6.1 - Medium - January 14, 2026

Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Improper Input Validation

MI-M Attack on Huawei Clone Module
CVE-2025-68963 5.7 - Medium - January 14, 2026

Man-in-the-middle attack vulnerability in the Clone module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Weak Password Requirements

Window Management Module Permission Control Vulnerability (CVE-2025-66329)
CVE-2025-66329 4 - Medium - December 08, 2025

Permission control vulnerability in the window management module. Impact: Successful exploitation of this vulnerability may affect availability.

Permissions, Privileges, and Access Controls

Permission Control Vulnerability in Package Manager
CVE-2025-66325 6.2 - Medium - December 08, 2025

Permission control vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Permissions, Privileges, and Access Controls

USB Driver Module UAF Vulnerability
CVE-2025-58311 5.8 - Medium - November 28, 2025

UAF vulnerability in the USB driver module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.

Dangling pointer

CVE-2025-58302: Settings Module Permission Control Vulnerability
CVE-2025-58302 8.4 - High - November 28, 2025

Permission control vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Permissions, Privileges, and Access Controls

Component Driver Module Invalid Memory Access (CVE-2025-58314)
CVE-2025-58314 6.6 - Medium - November 28, 2025

Vulnerability of accessing invalid memory in the component driver module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.

Out-of-bounds Read

BLE Module DoS via packet length validation flaw
CVE-2025-54646 4.3 - Medium - August 06, 2025

Vulnerability of inadequate packet length check in the BLE module. Impact: Successful exploitation of this vulnerability may affect performance.

Linux Kernel Buffer Overflow in Accel Module – DoS
CVE-2025-54641 5.5 - Medium - August 06, 2025

Issue of buffer overflow caused by insufficient data verification in the kernel acceleration module. Impact: Successful exploitation of this vulnerability may affect availability.

Classic Buffer Overflow

Linux Kernel Gyroscope Driver Buffer Overflow (CVE-2025-54642)
CVE-2025-54642 5.5 - Medium - August 06, 2025

Issue of buffer overflow caused by insufficient data verification in the kernel gyroscope module. Impact: Successful exploitation of this vulnerability may affect availability.

Classic Buffer Overflow

Kernel Drop Detection Module Buffer Overflow (CVE-2025-54636)
CVE-2025-54636 5.5 - Medium - August 06, 2025

Issue of buffer overflow caused by insufficient data verification in the kernel drop detection module. Impact: Successful exploitation of this vulnerability may affect availability.

OOB Array Access in Linux kernel ambient light module
CVE-2025-54637 5.5 - Medium - August 06, 2025

Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Referrer-based Resource Read Vulnerability in Gallery Module (CVE-2025-54611)
CVE-2025-54611 5.5 - Medium - August 06, 2025

EXTRA_REFERRER resource read vulnerability in the Gallery module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2025-53177: Permission Bypass in Calendar Storage Module (Watch Sync)
CVE-2025-53177 - July 07, 2025

Permission bypass vulnerability in the calendar storage module Impact: Successful exploitation of this vulnerability may affect the schedule syncing function of watches.

Permission Bypass in Calendar Storage Module of Car Head Units
CVE-2025-53178 - July 07, 2025

Permission bypass vulnerability in the calendar storage module Impact: Successful exploitation of this vulnerability may affect the schedule reminder function of head units.

Virtual Address Reuse LPE in Linux Kernel
CVE-2025-53185 5.5 - Medium - July 07, 2025

Virtual address reuse issue in the memory management module, which can be exploited by non-privileged users to access released memory Impact: Successful exploitation of this vulnerability may affect service integrity.

Android Audio Framework: Unverified Broadcasts by 3rd-Party Call Apps
CVE-2025-53186 6.2 - Medium - July 07, 2025

Vulnerability that allows third-party call apps to send broadcasts without verification in the audio framework module Impact: Successful exploitation of this vulnerability may affect availability.

Uncontrolled System Resource Leak in Settings Module (CVE-2025-48902)
CVE-2025-48902 - June 06, 2025

Vulnerability of uncontrolled system resource applications in the setting module Impact: Successful exploitation of this vulnerability may affect availability.

ACV in Security Verification Module Exposes Integrity & Confidentiality
CVE-2024-58124 9.1 - Critical - April 07, 2025

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

Authentication Bypass by Spoofing

Deserialization Mismatch in OpenHarmony DSoftBus Module
CVE-2025-31175 7.5 - High - April 07, 2025

Deserialization mismatch vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect service integrity.

Marshaling, Unmarshaling

CVE-2025-31170: Access Control Flaw in Security Verification Module
CVE-2025-31170 9.1 - Critical - April 07, 2025

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

Authentication Bypass by Spoofing

Unknown Access Control Flaw in Sec Verification Module (CVE-2024-58127)
CVE-2024-58127 9.1 - Critical - April 07, 2025

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

Authentication Bypass by Spoofing

Access Control Flaw in Security Verification Module (CVE-2024-58125)
CVE-2024-58125 9.1 - Critical - April 07, 2025

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

Authentication Bypass by Spoofing

Access Control Bypass in Security Verification Module (CVE-2024-58126)
CVE-2024-58126 9.1 - Critical - April 07, 2025

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

Authentication Bypass by Spoofing

Permission Bypass in Notification Module Impacting Availability
CVE-2024-58044 5.5 - Medium - March 04, 2025

Permission verification bypass vulnerability in the notification module Impact: Successful exploitation of this vulnerability may affect availability.

Permission Bypass via Window Module in Electron
CVE-2024-58043 5.5 - Medium - March 04, 2025

Permission bypass vulnerability in the window module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-57960 Android ExternalStorageProvider Input Verification Flaw
CVE-2024-57960 7.5 - High - February 06, 2025

Input verification vulnerability in the ExternalStorageProvider module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-57961: OOB Write in Android emcom Module Causes Abnormal Features
CVE-2024-57961 9.8 - Critical - February 06, 2025

Out-of-bounds write vulnerability in the emcom module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

Memory Corruption

CVE-2024-57958: OOB Array Read in FFRT Module
CVE-2024-57958 9.1 - Critical - February 06, 2025

Out-of-bounds array read vulnerability in the FFRT module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

Out-of-bounds Read

UAF in Display Module
CVE-2024-57959 9.8 - Critical - February 06, 2025

Use-After-Free (UAF) vulnerability in the display module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

Dangling pointer

Android: Improper Access Control in Home Screen Widget
CVE-2024-56448 7.5 - High - January 08, 2025

Vulnerability of improper access control in the home screen widget module Impact: Successful exploitation of this vulnerability may affect availability.

Privilege Escalation in Account Module of Unknown Service (CVE-2024-56449)
CVE-2024-56449 7.5 - High - January 08, 2025

Privilege escalation vulnerability in the Account module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Buffer overflow in component driver module
CVE-2024-56450 5.5 - Medium - January 08, 2025

Buffer overflow vulnerability in the component driver module Impact: Successful exploitation of this vulnerability may affect availability.

Classic Buffer Overflow

Path Traversal in Medialibrary module (Unknown Product)
CVE-2023-52953 9.1 - Critical - January 08, 2025

Path traversal vulnerability in the Medialibrary module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

Directory traversal

Improper MAddr Prot. in HUKS Module May Cause DoS
CVE-2024-56438 6 - Medium - January 08, 2025

Vulnerability of improper memory address protection in the HUKS module Impact: Successful exploitation of this vulnerability may affect availability.

Buffer Overflow

CVE-2024-56440: Permission Control Vulnerability in Connectivity Module
CVE-2024-56440 7.5 - High - January 08, 2025

Permission control vulnerability in the Connectivity module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

Incorrect Default Permissions

Race Cond. in Bastet Mod. (CVE-2024-56441)
CVE-2024-56441 5.9 - Medium - January 08, 2025

Race condition vulnerability in the Bastet module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Race Condition

CVE-2024-56442: Android NFC Service Native API Not Implemented Vulnerability
CVE-2024-56442 7.5 - High - January 08, 2025

Vulnerability of native APIs not being implemented in the NFC service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2024-56447: Improper Permission Control in Windows Window Mngr
CVE-2024-56447 7.5 - High - January 08, 2025

Vulnerability of improper permission control in the window management module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Incorrect Default Permissions

Improper Permission Control in Gallery Module (CVE-2023-52954)
CVE-2023-52954 7.5 - High - January 08, 2025

Vulnerability of improper permission control in the Gallery module Impact: Successful exploitation of this vulnerability may affect availability.

Incorrect Default Permissions

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Huawei Emui or by Huawei? Click the Watch button to subscribe.

Huawei
Vendor

Huawei Emui
Product

subscribe