How serious is CVE-2025-12736?

This vulnerability has a CVSS score of 6.5 out of 10, classified as MEDIUM severity. No public exploit code has been identified yet.

Which products are affected by CVE-2025-12736?

CVE-2025-12736 affects openatom openharmony. Check the full CVE details for specific version information.

How do I fix CVE-2025-12736?

To remediate CVE-2025-12736, check for security patches from openatom. Apply all available updates and security patches. If no patch is available, implement recommended workarounds or security controls to mitigate the risk.

CVE-2025-12736

Medium

|6.5

No Exploit

Plain English Summary

AI-powered analysis for quick understanding

This vulnerability allows a local attacker to access sensitive information that should not be visible, due to a flaw in how the system handles uninitialized resources. The attacker needs to have local access to the device running affected versions of OpenHarmony, specifically v5.0.3 or earlier.

Technical Description

in OpenHarmony v5.0.3 and prior versions allow a local attacker case sensitive information leak through use of uninitialized resource.

CVSS Vector Analysis

Attack VectorLocal

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

Confidentiality ImpactHigh

Integrity ImpactNone

Availability ImpactNone

ScopeChanged

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Exploit Resources

Search for proof-of-concept code and exploit modules

GitHub Search Exploit-DB Nuclei Templates Metasploit Vulners

Official References

NIST NVD

Est. Bounty

$931($500-$1K)

Vendor Response

Grade APatched in 1 day

Quick Information

Published

Mar 16, 2026

23 days ago

Last Modified

Mar 17, 2026

22 days ago

Vendor

openatom

Product

openharmony

Related Vulnerabilities

CVE-2025-52458High

This vulnerability allows a local attacker to run their own code within pre-installed apps on OpenHarmony devices, potentially leading to unauthorized access or control. However, it can only be exploited in specific situations where the attacker has local access to the device.

CVE-2025-41432High

This vulnerability allows a local attacker to run any code they want in pre-installed apps on OpenHarmony devices, which could lead to unauthorized actions or data access. However, the attack can only happen in specific situations where the attacker has physical access to the device.

CVE-2025-26474Low

This vulnerability allows a local attacker to manipulate input data, potentially leading to incorrect information being processed by the system. However, it can only be exploited in specific, limited situations where the attacker has local access to the device.

CVE-2025-25277High

This vulnerability allows a local attacker to run their own code within pre-installed apps on OpenHarmony devices, potentially taking control of those apps. However, it can only be exploited in specific situations where the attacker has access to the device.