Permission Control Vulnerability in Huawei File Management Module
CVE-2025-64312

4.9MEDIUM

Key Information:

Vendor

Huawei
Status
Harmonyos
Vendor
CVE Published:
28 November 2025

What is CVE-2025-64312?

A significant permission control vulnerability exists within Huawei's File Management Module. This weakness can be exploited to compromise the confidentiality of services, potentially allowing unauthorized access to sensitive files. Users are urged to review their configurations and apply any necessary security updates to mitigate the risks associated with this vulnerability.

Affected Version(s)

HarmonyOS 5.1.0

HarmonyOS 5.0.1

HarmonyOS 6.0.0

References

https://consumer.huawei.com/en/support/bulletin/2025/11/

CVSS V3.1

Score:
4.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-64312 : Permission Control Vulnerability in Huawei File Management Module