CVE-2025-46589 MEDIUM

CVE-2025-46589

Vendor Huawei

Product HarmonyOS

Weakness CWE-284

Published May 6, 2025

Last update September 18, 2025

View on NVD All CVEs

CVSS base score

4.4/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Vulnerability of unauthorized access in the app lock module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

Key dates

02Disclosure timeline

May 6, 2025 CVE published

September 18, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-46589

Related vulnerabilities

04Related CVE

CVE-2025-20339 Cisco SD-WAN vEdge Software Access Control List Bypass Vulnerability CVE-2022-3780 CVE-2024-51995 Logic bug in ajax.render.php allows for bypass of 'backOffice' access control in Combodo iTop CVE-2026-0977 IBM CICS Transaction Gateway for Multiplatforms Information Disclosure CVE-2026-45282 Nextcloud: Logged-in user bypasses share password and download restrictions on Text attachments via documentId leads to unauthorized file access