CVE-2025-31171

File read permission bypass vulnerability in the kernel file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 4.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://consumer.huawei.com/en/support/bulletin/2025/6/

Configurations

Configuration 1 (hide)

cpe:2.3:o:huawei:harmonyos:5.0.0:*:*:*:*:*:*:*

History

06 Jun 2025, 07:15

Type	Values Removed	Values Added
References	~~{'url': 'https://consumer.huawei.com/en/support/bulletin/2025/4/', 'tags': ['Not Applicable'], 'source': 'psirt@huawei.com'}~~	() https://consumer.huawei.com/en/support/bulletin/2025/6/ -

07 May 2025, 20:09

Type	Values Removed	Values Added
References	~~() https://consumer.huawei.com/en/support/bulletin/2025/4/ -~~	() https://consumer.huawei.com/en/support/bulletin/2025/4/ - Not Applicable
CPE		cpe:2.3:o:huawei:harmonyos:5.0.0:::::::*
First Time		Huawei harmonyos Huawei
CWE		NVD-CWE-noinfo

07 Apr 2025, 14:17

Type	Values Removed	Values Added
Summary		(es) Vulnerabilidad de evasión de permiso de lectura de archivos en el módulo del sistema de archivos del kernel Impacto: La explotación exitosa de esta vulnerabilidad puede afectar la confidencialidad del servicio.

07 Apr 2025, 04:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-07 04:15

Updated : 2025-06-06 07:15

NVD link : CVE-2025-31171

Mitre link : CVE-2025-31171

CVE.ORG link : CVE-2025-31171

JSON object : View

Products Affected

huawei

harmonyos

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

NVD-CWE-noinfo

6.8 /10