CVE-2025-25277

Published Mar 16, 2026

Last updated 2 days ago

CVSS medium 6.3

Overview

Description
in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through using incompatible type. This vulnerability can be exploited only in restricted scenarios.
Source
scy@openharmony.io
NVD status
Analyzed
Products
openharmony

Risk scores

CVSS 3.1

Type
Primary
Base score
7
Impact score
5.9
Exploitability score
1
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

scy@openharmony.io
CWE-843

Social media

Hype score
Not currently trending

  1. CVE-2025-25277 in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through using incompatible type. This vulnerability can… https://t.co/LltY88bJWc

    @CVEnew

    16 Mar 2026

    172 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. in OpenHarmony v6.0 and prior versions allow a local attacker case DOS through missing release of memory.CVE-2026-0639
  2. in OpenHarmony v5.1.0 and prior versions allow a local attacker cause DOS through improper input.CVE-2025-6969
  3. in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.CVE-2025-52458
  4. in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.CVE-2025-41432
  5. in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information improper input. This vulnerability can be exploited only in restricted scenarios.CVE-2025-26474

References

Sources include official advisories and independent security research.