CVE-2025-68965
Permission Control Vulnerability in Notepad Module Risks Data Confidentiality
Publication date: 2026-01-14
Last updated on: 2026-01-14
Assigner: Huawei Technologies
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| huawei | harmonyos | From 6.0.0 (inc) |
| huawei | harmonyos | From 4.3.0 (inc) |
| huawei | harmonyos | From 5.1.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a permission control vulnerability located in the Notepad module of Huawei's HarmonyOS. It means that the system's permission controls in this module are flawed, potentially allowing unauthorized access or actions within the Notepad module. [3]
How can this vulnerability impact me? :
Successful exploitation of this vulnerability may affect service confidentiality, meaning sensitive information handled by the Notepad module could be exposed or accessed without authorization. [3]
What immediate steps should I take to mitigate this vulnerability?
Apply the latest Huawei security update for HarmonyOS 5.1.1 as provided in the January 2026 security bulletin, which includes patches for CVE-2025-68965 and other vulnerabilities. This update is part of Huawei's ongoing monthly security maintenance for flagship models and addresses permission control vulnerabilities in the Notepad module. [3]