CVE-2025-46586 MEDIUM

CVE-2025-46586

Vendor Huawei
Product HarmonyOS
Weakness CWE-862 · Missing authorization
Published May 6, 2025
Last update September 18, 2025
View on NVD All CVEs

CVSS base score

5.1/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

What the vulnerability does

01Description

Permission control vulnerability in the contacts module Impact: Successful exploitation of this vulnerability may affect availability.

Key dates

02Disclosure timeline

May 6, 2025 CVE published
September 18, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-13312 CRM Memberships <= 2.5 - Missing Authorization to Unauthenticated 'ntzcrm_add_new_tag' AJAX Action CVE-2026-24615 WordPress Cream Magazine theme <= 2.1.10 - Broken Access Control vulnerability CVE-2025-24604 WordPress VForm plugin <= 3.0.5 - Broken Access Control vulnerability CVE-2026-24612 WordPress Orchid Store theme <= 1.5.15 - Broken Access Control vulnerability CVE-2024-34444 WordPress Slider Revolution plugin < 6.7.0 - Unauthenticated Broken Access Control vulnerability