Harmonyos Huawei Harmonyos

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Huawei Harmonyos.

By the Year

In 2025 there have been 78 vulnerabilities in Huawei Harmonyos with an average score of 6.9 out of ten. Last year, in 2024 Harmonyos had 187 security vulnerabilities published. Right now, Harmonyos is on track to have less security vulnerabilities in 2025 than it did last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.27.




Year Vulnerabilities Average Score
2025 78 6.94
2024 187 6.67
2023 196 7.55
2022 257 7.54
2021 118 7.21
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Harmonyos vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Huawei Harmonyos Security Vulnerabilities

Vulnerability of insufficient information protection in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-58252 5.5 - Medium - May 06, 2025

Vulnerability of insufficient information protection in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Permission control vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2025-46587 5.5 - Medium - May 06, 2025

Permission control vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Incorrect Default Permissions

Vulnerability of unauthorized access in the app lock module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

CVE-2025-46588 7.7 - High - May 06, 2025

Vulnerability of unauthorized access in the app lock module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

Vulnerability of unauthorized access in the app lock module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

CVE-2025-46589 7.1 - High - May 06, 2025

Vulnerability of unauthorized access in the app lock module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

Bypass vulnerability in the network search instruction authentication module Impact: Successful exploitation of this vulnerability

CVE-2025-46590 6.5 - Medium - May 06, 2025

Bypass vulnerability in the network search instruction authentication module Impact: Successful exploitation of this vulnerability can bypass authentication and enable access to some network search functions.

authentification

Out-of-bounds data read vulnerability in the authorization module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2025-46591 5.5 - Medium - May 06, 2025

Out-of-bounds data read vulnerability in the authorization module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Out-of-bounds Read

Null pointer dereference vulnerability in the USB HDI driver module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2025-46592 5.5 - Medium - May 06, 2025

Null pointer dereference vulnerability in the USB HDI driver module Impact: Successful exploitation of this vulnerability may affect availability.

NULL Pointer Dereference

Process residence vulnerability in abnormal scenarios in the print module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2025-46593 5.5 - Medium - May 06, 2025

Process residence vulnerability in abnormal scenarios in the print module Impact: Successful exploitation of this vulnerability may affect availability.

Vulnerability of improper authentication logic implementation in the file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2025-46584 5.5 - Medium - May 06, 2025

Vulnerability of improper authentication logic implementation in the file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Improper Handling of Exceptional Conditions

Out-of-bounds array read/write vulnerability in the kernel module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2025-46585 7 - High - May 06, 2025

Out-of-bounds array read/write vulnerability in the kernel module Impact: Successful exploitation of this vulnerability may affect availability.

Memory Corruption

Permission control vulnerability in the contacts module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2025-46586 5.5 - Medium - May 06, 2025

Permission control vulnerability in the contacts module Impact: Successful exploitation of this vulnerability may affect availability.

Incorrect Default Permissions

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2024-58106 7.5 - High - April 07, 2025

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability.

Classic Buffer Overflow

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2024-58107 7.5 - High - April 07, 2025

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability.

Classic Buffer Overflow

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2024-58108 7.5 - High - April 07, 2025

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability.

Classic Buffer Overflow

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2024-58109 7.5 - High - April 07, 2025

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability.

Classic Buffer Overflow

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2024-58110 7.5 - High - April 07, 2025

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability.

Classic Buffer Overflow

Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2024-58111 7.5 - High - April 07, 2025

Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability.

Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2024-58112 7.5 - High - April 07, 2025

Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability.

Vulnerability of improper resource management in the memory management module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2024-58113 7.5 - High - April 07, 2025

Vulnerability of improper resource management in the memory management module Impact: Successful exploitation of this vulnerability may affect availability.

Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2024-58115 7.5 - High - April 07, 2025

Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability.

Memory Corruption

Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2024-58116 7.5 - High - April 07, 2025

Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability.

Memory Corruption

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

CVE-2024-58124 9.1 - Critical - April 07, 2025

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

Authentication Bypass by Spoofing

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

CVE-2024-58125 9.1 - Critical - April 07, 2025

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

Authentication Bypass by Spoofing

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

CVE-2024-58126 9.1 - Critical - April 07, 2025

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

Authentication Bypass by Spoofing

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

CVE-2024-58127 9.1 - Critical - April 07, 2025

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

Authentication Bypass by Spoofing

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

CVE-2025-31170 9.1 - Critical - April 07, 2025

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

Authentication Bypass by Spoofing

File read permission bypass vulnerability in the kernel file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2025-31171 5.5 - Medium - April 07, 2025

File read permission bypass vulnerability in the kernel file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2025-31172 5.5 - Medium - April 07, 2025

Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2025-31173 6.5 - Medium - April 07, 2025

Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Path traversal vulnerability in the DFS module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2025-31174 7.5 - High - April 07, 2025

Path traversal vulnerability in the DFS module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Directory traversal

Deserialization mismatch vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2025-31175 7.5 - High - April 07, 2025

Deserialization mismatch vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect service integrity.

Marshaling, Unmarshaling

Permission verification bypass vulnerability in the notification module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2024-58044 5.5 - Medium - March 04, 2025

Permission verification bypass vulnerability in the notification module Impact: Successful exploitation of this vulnerability may affect availability.

Multi-concurrency vulnerability in the media digital copyright protection module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2024-58045 4.7 - Medium - March 04, 2025

Multi-concurrency vulnerability in the media digital copyright protection module Impact: Successful exploitation of this vulnerability may affect availability.

Permission management vulnerability in the lock screen module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-58046 5.5 - Medium - March 04, 2025

Permission management vulnerability in the lock screen module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-58047 5.5 - Medium - March 04, 2025

Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Multi-thread problem vulnerability in the package management module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2024-58048 4.7 - Medium - March 04, 2025

Multi-thread problem vulnerability in the package management module Impact: Successful exploitation of this vulnerability may affect availability.

Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-58049 5.5 - Medium - March 04, 2025

Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Vulnerability of improper access permission in the HDC module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-58050 5.5 - Medium - March 04, 2025

Vulnerability of improper access permission in the HDC module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Vulnerability of improper access permission in the process management module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2025-27521 5.5 - Medium - March 04, 2025

Vulnerability of improper access permission in the process management module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Permission bypass vulnerability in the window module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-58043 5.5 - Medium - March 04, 2025

Permission bypass vulnerability in the window module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Input verification vulnerability in the ExternalStorageProvider module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-57960 7.5 - High - February 06, 2025

Input verification vulnerability in the ExternalStorageProvider module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Use-After-Free (UAF) vulnerability in the display module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2024-57959 9.8 - Critical - February 06, 2025

Use-After-Free (UAF) vulnerability in the display module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

Dangling pointer

Out-of-bounds array read vulnerability in the FFRT module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2024-57958 9.1 - Critical - February 06, 2025

Out-of-bounds array read vulnerability in the FFRT module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

Out-of-bounds Read

Vulnerability of improper log information control in the UI framework module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-57957 7.5 - High - February 06, 2025

Vulnerability of improper log information control in the UI framework module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Insertion of Sensitive Information into Log File

Out-of-bounds read vulnerability in the interpreter string module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2024-57956 7.5 - High - February 06, 2025

Out-of-bounds read vulnerability in the interpreter string module Impact: Successful exploitation of this vulnerability may affect availability.

Out-of-bounds Read

Arbitrary write vulnerability in the Gallery module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-57955 7.5 - High - February 06, 2025

Arbitrary write vulnerability in the Gallery module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Identity verification vulnerability in the ParamWatcher module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-12602 7.5 - High - February 06, 2025

Identity verification vulnerability in the ParamWatcher module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-57954 7.5 - High - February 06, 2025

Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Out-of-bounds write vulnerability in the emcom module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2024-57961 9.8 - Critical - February 06, 2025

Out-of-bounds write vulnerability in the emcom module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

Memory Corruption

Vulnerability of incomplete verification information in the VPN service module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2024-57962 7.5 - High - February 06, 2025

Vulnerability of incomplete verification information in the VPN service module Impact: Successful exploitation of this vulnerability may affect availability.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Huawei Harmonyos or by Huawei? Click the Watch button to subscribe.

Huawei
Vendor

subscribe