Permission Verification Bypass in Huawei Media Library Module
CVE-2025-68959

6.2MEDIUM

Key Information:

Vendor

Huawei
Status
Harmonyos
Emui
Vendor
CVE Published:
14 January 2026

What is CVE-2025-68959?

A vulnerability exists in the media library module of Huawei products that allows attackers to bypass permission verification mechanisms. This could potentially enable unauthorized access to sensitive information, compromising the confidentiality of services. Attackers exploiting this flaw can gain access to restricted files or data that should be off-limits, posing a significant threat to user privacy and security.

Affected Version(s)

EMUI 15.0.0

EMUI 14.2.0

EMUI 14.0.0

References

https://consumer.huawei.com/en/support/bulletin/2026/1//
https://consumer.huawei.com/en/support/bulletinwearables/...
https://consumer.huawei.com/en/support/bulletinvision/202...

CVSS V3.1

Score:
6.2
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.