Multi-Thread Race Condition Vulnerability in Huawei Card Framework Module
CVE-2025-68956

8HIGH

Key Information:

Vendor

Huawei
Status
Harmonyos
Vendor
CVE Published:
14 January 2026

What is CVE-2025-68956?

A multi-thread race condition vulnerability has been identified in Huawei's Card Framework Module. This vulnerability may allow an attacker to exploit timing discrepancies during concurrent operations, potentially leading to service availability issues. Users are advised to apply security updates as they become available to mitigate risks associated with this vulnerability.

Affected Version(s)

HarmonyOS 6.0.0

References

https://consumer.huawei.com/en/support/bulletin/2026/1//
https://consumer.huawei.com/en/support/bulletinlaptops/20...
https://consumer.huawei.com/en/support/bulletinwearables/...

CVSS V3.1

Score:
8
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.