Harmonyos Huawei Harmonyos

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Huawei Harmonyos.

By the Year

In 2025 there have been 101 vulnerabilities in Huawei Harmonyos with an average score of 6.7 out of ten. Last year, in 2024 Harmonyos had 187 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Harmonyos in 2025 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.07.




Year Vulnerabilities Average Score
2025 101 6.74
2024 187 6.67
2023 196 7.55
2022 257 7.54
2021 118 7.21
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Harmonyos vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Huawei Harmonyos Security Vulnerabilities

Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.

CVE-2025-53171 3.3 - Low - July 07, 2025

Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.

Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.

CVE-2025-53172 3.3 - Low - July 07, 2025

Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.

Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.

CVE-2025-53173 4.3 - Medium - July 07, 2025

Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.

Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.

CVE-2025-53174 3.3 - Low - July 07, 2025

Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.

Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.

CVE-2025-53175 3.3 - Low - July 07, 2025

Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.

Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.

CVE-2025-53176 3.3 - Low - July 07, 2025

Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.

Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.

CVE-2025-53179 7.5 - High - July 07, 2025

Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.

NULL Pointer Dereference

Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.

CVE-2025-53180 7.5 - High - July 07, 2025

Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.

NULL Pointer Dereference

Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.

CVE-2025-53181 7.5 - High - July 07, 2025

Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.

NULL Pointer Dereference

Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.

CVE-2025-53182 7.5 - High - July 07, 2025

Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.

NULL Pointer Dereference

Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.

CVE-2025-53183 7.5 - High - July 07, 2025

Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.

NULL Pointer Dereference

Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.

CVE-2025-53184 7.5 - High - July 07, 2025

Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.

NULL Pointer Dereference

Resource allocation control failure vulnerability in the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2024-58114 - June 06, 2025

Resource allocation control failure vulnerability in the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability.

Vulnerability of uncontrolled system resource applications in the setting module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2025-48902 - June 06, 2025

Vulnerability of uncontrolled system resource applications in the setting module Impact: Successful exploitation of this vulnerability may affect availability.

Permission bypass vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2025-48903 - June 06, 2025

Permission bypass vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect availability.

Vulnerability that cards

CVE-2025-48904 6.2 - Medium - June 06, 2025

Vulnerability that cards can call unauthorized APIs in the FRS process Impact: Successful exploitation of this vulnerability may affect availability.

Wasm exception capture vulnerability in the arkweb v8 module Impact: Successful exploitation of this vulnerability may cause the failure to capture specific Wasm exception types.

CVE-2025-48905 - June 06, 2025

Wasm exception capture vulnerability in the arkweb v8 module Impact: Successful exploitation of this vulnerability may cause the failure to capture specific Wasm exception types.

Authentication bypass vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2025-48906 - June 06, 2025

Authentication bypass vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect availability.

Deserialization vulnerability in the IPC module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2025-48907 - June 06, 2025

Deserialization vulnerability in the IPC module Impact: Successful exploitation of this vulnerability may affect availability.

Ability Auto Startup service vulnerability in the foundation process Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2025-48908 - June 06, 2025

Ability Auto Startup service vulnerability in the foundation process Impact: Successful exploitation of this vulnerability may affect availability.

Bypass vulnerability in the device management channel Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2025-48909 - June 06, 2025

Bypass vulnerability in the device management channel Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Buffer overflow vulnerability in the DFile module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2025-48910 - June 06, 2025

Buffer overflow vulnerability in the DFile module Impact: Successful exploitation of this vulnerability may affect availability.

Vulnerability of improper permission assignment in the note sharing module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2025-48911 - June 06, 2025

Vulnerability of improper permission assignment in the note sharing module Impact: Successful exploitation of this vulnerability may affect availability.

Vulnerability of insufficient information protection in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-58252 5.5 - Medium - May 06, 2025

Vulnerability of insufficient information protection in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Permission control vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2025-46587 5.5 - Medium - May 06, 2025

Permission control vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Incorrect Default Permissions

Vulnerability of unauthorized access in the app lock module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

CVE-2025-46588 7.7 - High - May 06, 2025

Vulnerability of unauthorized access in the app lock module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

Vulnerability of unauthorized access in the app lock module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

CVE-2025-46589 7.1 - High - May 06, 2025

Vulnerability of unauthorized access in the app lock module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

Bypass vulnerability in the network search instruction authentication module Impact: Successful exploitation of this vulnerability

CVE-2025-46590 6.5 - Medium - May 06, 2025

Bypass vulnerability in the network search instruction authentication module Impact: Successful exploitation of this vulnerability can bypass authentication and enable access to some network search functions.

authentification

Out-of-bounds data read vulnerability in the authorization module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2025-46591 5.5 - Medium - May 06, 2025

Out-of-bounds data read vulnerability in the authorization module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Out-of-bounds Read

Null pointer dereference vulnerability in the USB HDI driver module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2025-46592 5.5 - Medium - May 06, 2025

Null pointer dereference vulnerability in the USB HDI driver module Impact: Successful exploitation of this vulnerability may affect availability.

NULL Pointer Dereference

Process residence vulnerability in abnormal scenarios in the print module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2025-46593 5.5 - Medium - May 06, 2025

Process residence vulnerability in abnormal scenarios in the print module Impact: Successful exploitation of this vulnerability may affect availability.

Vulnerability of improper authentication logic implementation in the file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2025-46584 5.5 - Medium - May 06, 2025

Vulnerability of improper authentication logic implementation in the file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Improper Handling of Exceptional Conditions

Out-of-bounds array read/write vulnerability in the kernel module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2025-46585 7 - High - May 06, 2025

Out-of-bounds array read/write vulnerability in the kernel module Impact: Successful exploitation of this vulnerability may affect availability.

Memory Corruption

Permission control vulnerability in the contacts module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2025-46586 5.5 - Medium - May 06, 2025

Permission control vulnerability in the contacts module Impact: Successful exploitation of this vulnerability may affect availability.

Incorrect Default Permissions

Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2024-58112 7.5 - High - April 07, 2025

Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability.

Deserialization mismatch vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2025-31175 7.5 - High - April 07, 2025

Deserialization mismatch vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect service integrity.

Marshaling, Unmarshaling

Path traversal vulnerability in the DFS module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2025-31174 7.5 - High - April 07, 2025

Path traversal vulnerability in the DFS module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Directory traversal

Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2025-31173 6.5 - Medium - April 07, 2025

Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2025-31172 5.5 - Medium - April 07, 2025

Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

File read permission bypass vulnerability in the kernel file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2025-31171 5.5 - Medium - April 07, 2025

File read permission bypass vulnerability in the kernel file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

CVE-2025-31170 9.1 - Critical - April 07, 2025

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

Authentication Bypass by Spoofing

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

CVE-2024-58127 9.1 - Critical - April 07, 2025

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

Authentication Bypass by Spoofing

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

CVE-2024-58126 9.1 - Critical - April 07, 2025

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

Authentication Bypass by Spoofing

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

CVE-2024-58125 9.1 - Critical - April 07, 2025

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

Authentication Bypass by Spoofing

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

CVE-2024-58124 9.1 - Critical - April 07, 2025

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

Authentication Bypass by Spoofing

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2024-58107 7.5 - High - April 07, 2025

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability.

Classic Buffer Overflow

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2024-58109 7.5 - High - April 07, 2025

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability.

Classic Buffer Overflow

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2024-58108 7.5 - High - April 07, 2025

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability.

Classic Buffer Overflow

Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2024-58115 7.5 - High - April 07, 2025

Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability.

Memory Corruption

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2024-58106 7.5 - High - April 07, 2025

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability.

Classic Buffer Overflow

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Huawei Harmonyos or by Huawei? Click the Watch button to subscribe.

Huawei
Vendor

subscribe