Insufficient Data Length Verification in HVB Module Affects Huawei Products
CVE-2025-54632

6.8MEDIUM

Key Information:

Vendor: Huawei
Status: Harmonyos; Emui
Vendor: CVE Published:; 6 August 2025

What is CVE-2025-54632?

A vulnerability in the HVB module of Huawei products arises from insufficient verification of data length, which may allow attackers to exploit the system. Successful exploitation could compromise the integrity of services, potentially leading to unauthorized access or data manipulation. It is essential for users of affected versions to implement available patches to mitigate the risk associated with this vulnerability.

Affected Version(s)

EMUI 15.0.0

HarmonyOS 5.1.0

HarmonyOS 5.0.1

References

https://consumer.huawei.com/en/support/bulletin/2025/8/

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 6, 2025
Vulnerability Reserved
Jul 28, 2025