Improper Log Information Control Vulnerability in Huawei UI Framework
CVE-2024-57957

6.6MEDIUM

Key Information:

Vendor: Huawei
Status: Harmonyos
Vendor: CVE Published:; 6 February 2025

Summary

The Huawei UI framework module is plagued by a vulnerability that arises from improper handling of log information. This can potentially lead to unauthorized access to sensitive information, compromising service confidentiality. Exploiting this weakness may allow attackers to gain access to logs that should be restricted, showcasing a significant risk for organizations using this framework. Effective mitigation strategies are essential to safeguard against such exploits.

Affected Version(s)

HarmonyOS 5.0.0

References

https://consumer.huawei.com/en/support/bulletin/2025/2/

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 6, 2025
Vulnerability Reserved
Jan 22, 2025