Authentication Bypass Vulnerability in Huawei DeviceManager Module
CVE-2025-54622

8.3HIGH

Key Information:

Vendor: Huawei
Status: Harmonyos
Vendor: CVE Published:; 6 August 2025

What is CVE-2025-54622?

The authentication bypass vulnerability in Huawei's DeviceManager module allows malicious actors to exploit weak authentication controls, potentially compromising the confidentiality of sensitive services. This vulnerability underscores the importance of robust authentication mechanisms in preventing unauthorized access and ensuring data protection.

Affected Version(s)

HarmonyOS 5.1.0

HarmonyOS 5.0.1

References

https://consumer.huawei.com/en/support/bulletin/2025/8/

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 6, 2025
Vulnerability Reserved
Jul 28, 2025