Out-of-Bounds Array Access Vulnerability in Huawei Location Service Module
CVE-2025-54645

5MEDIUM

Key Information:

Vendor: Huawei
Status: Harmonyos
Vendor: CVE Published:; 6 August 2025

What is CVE-2025-54645?

An out-of-bounds array access vulnerability exists within the Huawei location service module due to inadequate data verification processes. Malicious actors can exploit this issue to disrupt system availability, posing significant risks to applications relying on this service. Ensuring appropriate patches and mitigations are applied is crucial for maintaining security and stability.

Affected Version(s)

HarmonyOS 5.1.0

HarmonyOS 5.0.1

References

https://consumer.huawei.com/en/support/bulletin/2025/8/

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 6, 2025
Vulnerability Reserved
Jul 28, 2025