CVE-2025-68966
Permission Control Vulnerability in Notepad Module Risks Data Confidentiality
Publication date: 2026-01-14
Last updated on: 2026-01-14
Assigner: Huawei Technologies
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| huawei | harmonyos | to 6.0.0 (exc) |
| huawei | harmonyos | 4.3.0 |
| huawei | harmonyos | 5.1.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a permission control vulnerability in the Notepad module of Huawei's HarmonyOS. It means that the system does not properly enforce permission checks in this module, potentially allowing unauthorized access or actions within the Notepad application. [3]
How can this vulnerability impact me? :
Successful exploitation of this vulnerability may affect service confidentiality, meaning that sensitive information handled by the Notepad module could be exposed to unauthorized parties. [3]
What immediate steps should I take to mitigate this vulnerability?
Apply the latest Huawei security update for HarmonyOS 5.1.1 or later, which includes patches for the permission control vulnerability in the Notepad module (CVE-2025-68966). This update is part of Huawei's ongoing monthly security maintenance for flagship models and addresses multiple vulnerabilities affecting service confidentiality and availability. [3]