CVE-2025-68959
Permission Bypass in Media Library Module Risks Data Confidentiality
Publication date: 2026-01-14
Last updated on: 2026-01-14
Assigner: Huawei Technologies
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| huawei | harmonyos | 6.0.0 |
| huawei | harmonyos | 4.3.0 |
| huawei | harmonyos | 5.1.1 |
| huawei | harmonyos | From 4.3.0 (inc) to 6.0.0 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a permission verification bypass in the media library module of Huawei devices running HarmonyOS 4.3.0. It allows an attacker to bypass permission checks, potentially gaining unauthorized access to media library services. [3]
How can this vulnerability impact me?
Successful exploitation of this vulnerability may compromise service confidentiality, meaning sensitive media data or services could be exposed to unauthorized parties. [3]
What immediate steps should I take to mitigate this vulnerability?
Apply the latest security update for HarmonyOS 4.3.0 that addresses CVE-2025-68959, as detailed in the January 2026 Huawei security bulletin. This update patches the permission verification bypass vulnerability in the media library module and is part of Huawei's ongoing monthly security maintenance for flagship models. [3]