CVE-2025-25277

Medium CVSS: 6.3

in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through using incompatible type. This vulnerability can be exploited only in restricted scenarios.

Vendor

Openatom

Product

Openharmony

CWE

CWE-843

Yayın Tarihi

2026-03-16 14:17:57

Güncelleme

2026-03-17 19:56:01

Source Identifier

scy@openharmony.io

KEV Date Added

Kategoriler

CWE-843 Openharmony MEDIUM Openatom 2026

Referanslar

https://gitcode.com/openharmony/security/tree/master/zh/security-disclosure/2025/2025-11.md

Benzer Kayıtlar

Low

CVE-2026-0639

in OpenHarmony v6.0 and prior versions allow a local attacker case DOS through missing release of memory.

Medium

CVE-2025-6969

in OpenHarmony v5.1.0 and prior versions allow a local attacker cause DOS through improper input.

Medium

CVE-2025-52458

in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through o…

Medium

CVE-2025-41432

in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through o…

Low

CVE-2025-26474

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information improper input. This vulnerability can…

Medium

CVE-2025-12736

in OpenHarmony v5.0.3 and prior versions allow a local attacker case sensitive information leak through use of uninitial…