CVE-2025-25278
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-11
Last updated on: 2025-08-12
Assigner: OpenHarmony
Description
Description
in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openatom | openharmony | to 5.0.3 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-362 | The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in OpenHarmony v5.0.3 and earlier allows a local attacker to execute arbitrary code within the trusted computing base (TCB) by exploiting a race condition.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability could execute arbitrary code with elevated privileges, potentially leading to system compromise, denial of service, or unauthorized access to sensitive information.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70