Local Privilege Escalation Flaw in OpenHarmony by OpenHarmony Foundation
CVE-2025-0304

8.8HIGH

Key Information:

Vendor: Openharmony
Status: Openharmony
Vendor: CVE Published:; 7 February 2025

Summary

A local privilege escalation vulnerability in OpenHarmony versions v4.1.2 and earlier enables an attacker to escalate permissions to root level. This exploitation can lead to sensitive information leakage due to a use after free condition, which occurs when a program continues to use a pointer after the memory it points to has been freed. Proper safeguards and patching are essential to mitigate this risk.

Affected Version(s)

OpenHarmony v4.1.0 <= 4.1.2

References

https://gitee.com/openharmony/security/blob/master/zh/sec...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 7, 2025
Vulnerability Reserved
Jan 7, 2025