CVE-2025-54654
BaseFortify
Publication date: 2025-10-11
Last updated on: 2025-10-16
Assigner: Huawei Technologies
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| huawei | harmonyos | 5.0.1 |
| huawei | harmonyos | 5.1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo | |
| CWE-264 | Permissions, Privileges, and Access Controls |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a permission control flaw in the Gallery module of Huawei devices running HarmonyOS versions 5.1.0 and 5.0.1. It allows unauthorized users to potentially access or perform actions within the Gallery application without proper permissions, compromising service confidentiality. [1]
How can this vulnerability impact me? :
Exploitation of this vulnerability may lead to unauthorized access or actions within the Gallery application, which can compromise the confidentiality of services and potentially expose sensitive information stored or managed by the Gallery module. [1]
What immediate steps should I take to mitigate this vulnerability?
Apply the October 2025 Huawei security update that addresses this vulnerability in the Gallery module for HarmonyOS versions 5.1.0 and 5.0.1. This update includes patches that fix the permission control issue and help prevent unauthorized access or actions within the Gallery application. [1]