Openatom Openharmony
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Openatom Openharmony.
By the Year
In 2026 there have been 0 vulnerabilities in Openatom Openharmony. Last year, in 2025 Openharmony had 56 security vulnerabilities published. Right now, Openharmony is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 56 | 6.21 |
| 2024 | 61 | 6.73 |
| 2023 | 17 | 6.66 |
| 2022 | 5 | 5.24 |
It may take a day or so for new Openharmony vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Openatom Openharmony Security Vulnerabilities
OpenHarmony v5.0.3 and prior - UAF in tcb
CVE-2025-24298
7.8 - High
- August 11, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free.
Dangling pointer
OpenHarmony v5.0.3 Local DOS via missing memory release
CVE-2025-24844
5.5 - Medium
- August 11, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory.
Memory Leak
OpenHarmony v5.0.3 Local DOS via Memory Leak
CVE-2025-24925
5.5 - Medium
- August 11, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory.
Memory Leak
OpenHarmony <5.0.3 Local DOS via Improper Input
CVE-2025-25212
5.5 - Medium
- August 11, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through improper input.
Improper Input Validation
CVE-2025-25278: OpenHarmony v5.0.3 Local RCE via tcb race condition
CVE-2025-25278
7 - High
- August 11, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition.
Race Condition
OpenHarmony v5.0.3 and prior: Local DOS via NULL pointer dereference
CVE-2025-26690
5.5 - Medium
- August 11, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.
NULL Pointer Dereference
OpenHarmony <=5.0.3 Local AUE via tcb
CVE-2025-27128
7.8 - High
- August 11, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free.
Dangling pointer
OpenHarmony v5.0.3 and earlier: Local Type Confusion DoS
CVE-2025-27536
5.5 - Medium
- August 11, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through type confusion.
Object Type Confusion
OpenHarmony <5.0.3: Local DOS via memory leak
CVE-2025-27562
5.5 - Medium
- August 11, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory.
Memory Leak
OpenHarmony v5.0.3 and earlier Local RCE via race in tcb
CVE-2025-27577
7 - High
- August 11, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition.
Race Condition
OpenHarmony <=5.0.3 Type Confusion Crash via Local Attacker (CVE-2025-20063)
CVE-2025-20063
5.5 - Medium
- June 08, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause apps crash through type confusion.
Object Type Confusion
OpenHarmony <=5.0.3 Local Crash via Type Confusion
CVE-2025-21082
5.5 - Medium
- June 08, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause apps crash through type confusion.
Object Type Confusion
OpenHarmony <=5.0.3 Local DOS via OOB Read
CVE-2025-23235
5.5 - Medium
- June 08, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through out-of-bounds read.
Out-of-bounds Read
OpenHarmony v5.0.3 and prior: local info leak via race condition
CVE-2025-24493
4.7 - Medium
- June 08, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through race condition.
Race Condition
OpenHarmony v5.0.3 (or prior) - Local DOS via NULL pointer deref
CVE-2025-25217
5.5 - Medium
- June 08, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.
NULL Pointer Dereference
OpenHarmony 5.0.3 Local Info Leak via Permission Check
CVE-2025-26691
- June 08, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
Improper Preservation of Permissions
OpenHarmony <=5.0.3 Local Info Leak via Permission Get API
CVE-2025-26693
5.5 - Medium
- June 08, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
Improper Preservation of Permissions
OpenHarmony <5.0.3 Local DOS via Improper Input
CVE-2025-27131
5.5 - Medium
- June 08, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input.
Improper Input Validation
OpenHarmony 5.0.3 Local DOS via Improper Input Handling
CVE-2025-27242
5.5 - Medium
- June 08, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input.
Improper Input Validation
OpenHarmony v5.0.3 and earlier: Local Info Leak via GetPermission
CVE-2025-27247
- June 08, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
Improper Preservation of Permissions
OpenHarmony <5.0.3 Local Info Leak via getPermission
CVE-2025-27563
5.5 - Medium
- June 08, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
Improper Preservation of Permissions
OpenHarmony v5.0.3 and earlier: Local ATTACKER can DOS via mem leak
CVE-2025-22886
5.5 - Medium
- May 06, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory.
Memory Leak
OpenHarmony v5.0.3 & prior Local DOS via Buffer Overflow
CVE-2025-25052
5.5 - Medium
- May 06, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through buffer overflow.
Classic Buffer Overflow
OpenHarmony 5.0.3 and earlier Local DOS via NULL Pointer Deref
CVE-2025-25218
5.5 - Medium
- May 06, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.
NULL Pointer Dereference
OpenHarmony v5.0.3 Local OOB Write Allows Arbitrary Code Execution
CVE-2025-27132
7.8 - High
- May 06, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.
Memory Corruption
OpenHarmony 5.0.3 Local DOS via NULL Pointer Deref
CVE-2025-27241
5.5 - Medium
- May 06, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.
NULL Pointer Dereference
OpenHarmony Denial-of-Service via NULL Pointer Dereference v5.0.3
CVE-2025-27248
5.5 - Medium
- May 06, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.
NULL Pointer Dereference
OpenHarmony v5.0.2- Pre-installed Apps Integer Overflow -> Arbitrary Code Exec
CVE-2025-0587
7.8 - High
- March 04, 2025
in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow. This vulnerability can be exploited only in restricted scenarios.
Integer Overflow or Wraparound
Local A/C Execution via OOB write in OpenHarmony <=5.0.2
CVE-2025-24309
7.8 - High
- March 04, 2025
in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.
Memory Corruption
OpenHarmony v5.0.2 and earlier Use-After-Free leading to local AUC
CVE-2025-24301
7.8 - High
- March 04, 2025
in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.
Dangling pointer
OOB Write in OpenHarmony Pre-installed Apps (<=5.0.2) => Arbitrary Code Exec
CVE-2025-23420
7.8 - High
- March 04, 2025
in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.
Memory Corruption
OpenHarmony 5.0.2 Local DOS via OOB Read
CVE-2025-23418
5.5 - Medium
- March 04, 2025
in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.
Out-of-bounds Read
OpenHarmony v5.0.2 & Prior UAF in Pre-Installed Apps Enables LACE
CVE-2025-23414
7.8 - High
- March 04, 2025
in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.
Dangling pointer
Arbitrary Code Exec via ALE in OpenHarmony <5.0.2
CVE-2025-23409
7.8 - High
- March 04, 2025
in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.
Dangling pointer
OpenHarmony 5.0.2 Local OOB Write for Arbitrary Code Exec in Pre-installed Apps
CVE-2025-23240
7.8 - High
- March 04, 2025
in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.
Memory Corruption
OpenHarmony <5.0.2: Local DOS via Buffer Overflow
CVE-2025-23234
5.5 - Medium
- March 04, 2025
in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through buffer overflow.
Classic Buffer Overflow
OpenHarmony v5.0.2 and earlier Local DOS via Buffer Overflow
CVE-2025-22897
5.5 - Medium
- March 04, 2025
in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through buffer overflow.
Classic Buffer Overflow
OpenHarmony v5.0.2 & prior: OOB Read -> Local DOS
CVE-2025-22847
5.5 - Medium
- March 04, 2025
in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.
Out-of-bounds Read
OpenHarmony Local DoS via OOB Read before v5.0.2
CVE-2025-22841
5.5 - Medium
- March 04, 2025
in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.
Out-of-bounds Read
OpenHarmony v5.0.2- Prior Local NULL Pointer Deref DOS
CVE-2025-22837
5.5 - Medium
- March 04, 2025
in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through NULL pointer dereference.
NULL Pointer Dereference
OpenHarmony v5.0.2 & earlier NULL ptr Deref in pre-installed apps allows Lcl AOE
CVE-2025-21084
7.8 - High
- March 04, 2025
in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through through NULL pointer dereference.. This vulnerability can be exploited only in restricted scenarios.
NULL Pointer Dereference
OpenHarmony 5.0.2 CVE-2025-22835: Local OOB Write for Arbitrary Code Exec
CVE-2025-22835
7.8 - High
- March 04, 2025
in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.
Memory Corruption
OpenHarmony v5.0.2 Local OOB Read Info Leak
CVE-2025-21098
5.5 - Medium
- March 04, 2025
in OpenHarmony v5.0.2 and prior versions allow a local attacker cause information leak through out-of-bounds read bypass permission check.
Insecure Storage of Sensitive Information
OpenHarmony <=5.0.2 Local DOS via NULL Ptr Deref (CVE-2025-21097)
CVE-2025-21097
5.5 - Medium
- March 04, 2025
in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through NULL pointer dereference.
NULL Pointer Dereference
OpenHarmony v5.0.2-prior: Local OOB Read Leads to DOS (CVE-2025-21089)
CVE-2025-21089
5.5 - Medium
- March 04, 2025
in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.
Out-of-bounds Read
OpenHarmony v5.0.2 or earlier: Use-after-free in pre-installed apps allows local AUC
CVE-2025-20091
7.8 - High
- March 04, 2025
in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.
Dangling pointer
Denial of Service via OOB Read in OpenHarmony v5.0.2 and earlier
CVE-2025-22443
5.5 - Medium
- March 04, 2025
in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.
Out-of-bounds Read
OpenHarmony v5.0.2 Local DoS via OOB Read
CVE-2025-20021
5.5 - Medium
- March 04, 2025
in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.
Out-of-bounds Read
OpenHarmony v5.0.2-: Local UAF in Pre-Installed Apps => Code Exec
CVE-2025-20626
7.8 - High
- March 04, 2025
in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.
Dangling pointer
Local OOB Read Info Leak in OpenHarmony 5.0.2 and earlier
CVE-2025-20042
5.5 - Medium
- March 04, 2025
in OpenHarmony v5.0.2 and prior versions allow a local attacker cause information leak through out-of-bounds read.
Out-of-bounds Read
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Openatom Openharmony or by Openatom? Click the Watch button to subscribe.
