Huawei Harmonyos
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Huawei Harmonyos.
By the Year
In 2025 there have been 78 vulnerabilities in Huawei Harmonyos with an average score of 6.9 out of ten. Last year, in 2024 Harmonyos had 187 security vulnerabilities published. Right now, Harmonyos is on track to have less security vulnerabilities in 2025 than it did last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.27.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 78 | 6.94 |
2024 | 187 | 6.67 |
2023 | 196 | 7.55 |
2022 | 257 | 7.54 |
2021 | 118 | 7.21 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Harmonyos vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Huawei Harmonyos Security Vulnerabilities
Vulnerability of insufficient information protection in the media library module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-58252
5.5 - Medium
- May 06, 2025
Vulnerability of insufficient information protection in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Permission control vulnerability in the media library module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-46587
5.5 - Medium
- May 06, 2025
Permission control vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Incorrect Default Permissions
Vulnerability of unauthorized access in the app lock module
Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
CVE-2025-46588
7.7 - High
- May 06, 2025
Vulnerability of unauthorized access in the app lock module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
Vulnerability of unauthorized access in the app lock module
Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
CVE-2025-46589
7.1 - High
- May 06, 2025
Vulnerability of unauthorized access in the app lock module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
Bypass vulnerability in the network search instruction authentication module
Impact: Successful exploitation of this vulnerability
CVE-2025-46590
6.5 - Medium
- May 06, 2025
Bypass vulnerability in the network search instruction authentication module Impact: Successful exploitation of this vulnerability can bypass authentication and enable access to some network search functions.
authentification
Out-of-bounds data read vulnerability in the authorization module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-46591
5.5 - Medium
- May 06, 2025
Out-of-bounds data read vulnerability in the authorization module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Out-of-bounds Read
Null pointer dereference vulnerability in the USB HDI driver module
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-46592
5.5 - Medium
- May 06, 2025
Null pointer dereference vulnerability in the USB HDI driver module Impact: Successful exploitation of this vulnerability may affect availability.
NULL Pointer Dereference
Process residence vulnerability in abnormal scenarios in the print module
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-46593
5.5 - Medium
- May 06, 2025
Process residence vulnerability in abnormal scenarios in the print module Impact: Successful exploitation of this vulnerability may affect availability.
Vulnerability of improper authentication logic implementation in the file system module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-46584
5.5 - Medium
- May 06, 2025
Vulnerability of improper authentication logic implementation in the file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Improper Handling of Exceptional Conditions
Out-of-bounds array read/write vulnerability in the kernel module
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-46585
7 - High
- May 06, 2025
Out-of-bounds array read/write vulnerability in the kernel module Impact: Successful exploitation of this vulnerability may affect availability.
Memory Corruption
Permission control vulnerability in the contacts module
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-46586
5.5 - Medium
- May 06, 2025
Permission control vulnerability in the contacts module Impact: Successful exploitation of this vulnerability may affect availability.
Incorrect Default Permissions
Buffer overflow vulnerability in the codec module
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-58106
7.5 - High
- April 07, 2025
Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability.
Classic Buffer Overflow
Buffer overflow vulnerability in the codec module
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-58107
7.5 - High
- April 07, 2025
Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability.
Classic Buffer Overflow
Buffer overflow vulnerability in the codec module
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-58108
7.5 - High
- April 07, 2025
Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability.
Classic Buffer Overflow
Buffer overflow vulnerability in the codec module
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-58109
7.5 - High
- April 07, 2025
Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability.
Classic Buffer Overflow
Buffer overflow vulnerability in the codec module
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-58110
7.5 - High
- April 07, 2025
Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability.
Classic Buffer Overflow
Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-58111
7.5 - High
- April 07, 2025
Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability.
Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-58112
7.5 - High
- April 07, 2025
Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability.
Vulnerability of improper resource management in the memory management module
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-58113
7.5 - High
- April 07, 2025
Vulnerability of improper resource management in the memory management module Impact: Successful exploitation of this vulnerability may affect availability.
Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-58115
7.5 - High
- April 07, 2025
Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability.
Memory Corruption
Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-58116
7.5 - High
- April 07, 2025
Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability.
Memory Corruption
Access control vulnerability in the security verification module
Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
CVE-2024-58124
9.1 - Critical
- April 07, 2025
Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
Authentication Bypass by Spoofing
Access control vulnerability in the security verification module
Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
CVE-2024-58125
9.1 - Critical
- April 07, 2025
Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
Authentication Bypass by Spoofing
Access control vulnerability in the security verification module
Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
CVE-2024-58126
9.1 - Critical
- April 07, 2025
Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
Authentication Bypass by Spoofing
Access control vulnerability in the security verification module
Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
CVE-2024-58127
9.1 - Critical
- April 07, 2025
Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
Authentication Bypass by Spoofing
Access control vulnerability in the security verification module
Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
CVE-2025-31170
9.1 - Critical
- April 07, 2025
Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
Authentication Bypass by Spoofing
File read permission bypass vulnerability in the kernel file system module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-31171
5.5 - Medium
- April 07, 2025
File read permission bypass vulnerability in the kernel file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Memory write permission bypass vulnerability in the kernel futex module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-31172
5.5 - Medium
- April 07, 2025
Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Memory write permission bypass vulnerability in the kernel futex module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-31173
6.5 - Medium
- April 07, 2025
Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Path traversal vulnerability in the DFS module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-31174
7.5 - High
- April 07, 2025
Path traversal vulnerability in the DFS module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Directory traversal
Deserialization mismatch vulnerability in the DSoftBus module
Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2025-31175
7.5 - High
- April 07, 2025
Deserialization mismatch vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect service integrity.
Marshaling, Unmarshaling
Permission verification bypass vulnerability in the notification module
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-58044
5.5 - Medium
- March 04, 2025
Permission verification bypass vulnerability in the notification module Impact: Successful exploitation of this vulnerability may affect availability.
Multi-concurrency vulnerability in the media digital copyright protection module
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-58045
4.7 - Medium
- March 04, 2025
Multi-concurrency vulnerability in the media digital copyright protection module Impact: Successful exploitation of this vulnerability may affect availability.
Permission management vulnerability in the lock screen module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-58046
5.5 - Medium
- March 04, 2025
Permission management vulnerability in the lock screen module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Permission verification vulnerability in the media library module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-58047
5.5 - Medium
- March 04, 2025
Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Multi-thread problem vulnerability in the package management module
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-58048
4.7 - Medium
- March 04, 2025
Multi-thread problem vulnerability in the package management module Impact: Successful exploitation of this vulnerability may affect availability.
Permission verification vulnerability in the media library module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-58049
5.5 - Medium
- March 04, 2025
Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Vulnerability of improper access permission in the HDC module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-58050
5.5 - Medium
- March 04, 2025
Vulnerability of improper access permission in the HDC module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Vulnerability of improper access permission in the process management module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-27521
5.5 - Medium
- March 04, 2025
Vulnerability of improper access permission in the process management module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Permission bypass vulnerability in the window module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-58043
5.5 - Medium
- March 04, 2025
Permission bypass vulnerability in the window module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Input verification vulnerability in the ExternalStorageProvider module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-57960
7.5 - High
- February 06, 2025
Input verification vulnerability in the ExternalStorageProvider module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Use-After-Free (UAF) vulnerability in the display module
Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2024-57959
9.8 - Critical
- February 06, 2025
Use-After-Free (UAF) vulnerability in the display module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
Dangling pointer
Out-of-bounds array read vulnerability in the FFRT module
Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2024-57958
9.1 - Critical
- February 06, 2025
Out-of-bounds array read vulnerability in the FFRT module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
Out-of-bounds Read
Vulnerability of improper log information control in the UI framework module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-57957
7.5 - High
- February 06, 2025
Vulnerability of improper log information control in the UI framework module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Insertion of Sensitive Information into Log File
Out-of-bounds read vulnerability in the interpreter string module
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-57956
7.5 - High
- February 06, 2025
Out-of-bounds read vulnerability in the interpreter string module Impact: Successful exploitation of this vulnerability may affect availability.
Out-of-bounds Read
Arbitrary write vulnerability in the Gallery module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-57955
7.5 - High
- February 06, 2025
Arbitrary write vulnerability in the Gallery module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Identity verification vulnerability in the ParamWatcher module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-12602
7.5 - High
- February 06, 2025
Identity verification vulnerability in the ParamWatcher module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Permission verification vulnerability in the media library module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-57954
7.5 - High
- February 06, 2025
Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Out-of-bounds write vulnerability in the emcom module
Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2024-57961
9.8 - Critical
- February 06, 2025
Out-of-bounds write vulnerability in the emcom module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
Memory Corruption
Vulnerability of incomplete verification information in the VPN service module
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-57962
7.5 - High
- February 06, 2025
Vulnerability of incomplete verification information in the VPN service module Impact: Successful exploitation of this vulnerability may affect availability.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Huawei Harmonyos or by Huawei? Click the Watch button to subscribe.
