App Lock Verification Bypass in File Management App by Huawei
CVE-2025-66330

4.9MEDIUM

Key Information:

Vendor: Huawei
Status: Harmonyos
Vendor: CVE Published:; 8 December 2025

What is CVE-2025-66330?

A vulnerability exists in the file management application developed by Huawei that allows unauthorized bypass of app lock verification. Exploiting this issue may compromise the confidentiality of user data, potentially exposing sensitive information to unauthorized access. Users are advised to remain vigilant and apply any updates or patches provided by the vendor to mitigate risks associated with this vulnerability.

Affected Version(s)

HarmonyOS 5.1.0

HarmonyOS 5.0.1

HarmonyOS 6.0.0

References

https://consumer.huawei.com/en/support/bulletin/2025/12/

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 8, 2025
Vulnerability Reserved
Nov 27, 2025

JSON