Deserialization Mismatch Vulnerability in DSoftBus Module by Huawei
CVE-2025-31175

7.5HIGH

Key Information:

Vendor: Huawei
Status: Harmonyos; Emui
Vendor: CVE Published:; 7 April 2025

What is CVE-2025-31175?

A deserialization mismatch vulnerability exists in the DSoftBus module developed by Huawei. This flaw allows an attacker to exploit inconsistencies in the deserialization process, potentially leading to impacts on service integrity. When successfully exploited, it may allow unauthorized actions, compromising the reliability of the service provided by the affected module. Addressing this vulnerability is crucial for maintaining the security posture of applications utilizing the DSoftBus module.

Affected Version(s)

EMUI 14.0.0

EMUI 13.0.0

EMUI 12.0.0

References

https://consumer.huawei.com/en/support/bulletin/2025/4/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2025
Vulnerability Reserved
Mar 27, 2025