BLE Module DoS via packet length validation flaw
CVE-2025-54646 Published on August 6, 2025
Vulnerability of inadequate packet length check in the BLE module. Impact: Successful exploitation of this vulnerability may affect performance.
Vulnerability Analysis
CVE-2025-54646 is exploitable with local system access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity and availability.
Weakness Type
What is a length manipulation Vulnerability?
The software parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data. If an attacker can manipulate the length parameter associated with an input such that it is inconsistent with the actual length of the input, this can be leveraged to cause the target application to behave in unexpected, and possibly, malicious ways. One of the possible motives for doing so is to pass in arbitrarily large input to the application. Another possible motivation is the modification of application state by including invalid data for subsequent properties of the application. Such weaknesses commonly lead to attacks such as buffer overflows and execution of arbitrary code.
CVE-2025-54646 has been classified to as a length manipulation vulnerability or weakness.
Products Associated with CVE-2025-54646
stack.watch emails you whenever new vulnerabilities are published in Huawei Emui or Huawei Harmonyos. Just hit a watch button to start following.
Affected Versions
Huawei HarmonyOS:- Version 5.1.0 is affected.
- Version 5.0.1 is affected.
- Version 4.3.0 is affected.
- Version 4.2.0 is affected.
- Version 4.0.0 is affected.
- Version 3.1.0 is affected.
- Version 3.0.0 is affected.
- Version 2.1.0 is affected.
- Version 2.0.0 is affected.
- Version 14.0.0 is affected.
- Version 13.0.0 is affected.
- Version 12.0.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.