How serious is CVE-2025-25277?

This vulnerability has a CVSS score of 7 out of 10, classified as HIGH severity. Proof-of-concept exploit code is publicly available, making this an active threat.

Is there exploit code available for CVE-2025-25277?

Yes, proof-of-concept exploit code for CVE-2025-25277 is publicly available on GitHub and security research platforms. This increases the risk of active exploitation.

Which products are affected by CVE-2025-25277?

CVE-2025-25277 affects openatom openharmony. Check the full CVE details for specific version information.

How do I fix CVE-2025-25277?

To remediate CVE-2025-25277, check for security patches from openatom. Apply all available updates and security patches. If no patch is available, implement recommended workarounds or security controls to mitigate the risk.

CVE-2025-25277

High

|7.0

Exploit Available

Plain English Summary

AI-powered analysis for quick understanding

This vulnerability allows a local attacker to run their own code within pre-installed apps on OpenHarmony devices, potentially taking control of those apps. However, it can only be exploited in specific situations where the attacker has access to the device.

Technical Description

in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through using incompatible type. This vulnerability can be exploited only in restricted scenarios.

CVSS Vector Analysis

Attack VectorLocal

Attack ComplexityHigh

Privileges RequiredLow

User InteractionNone

Confidentiality ImpactHigh

Integrity ImpactHigh

Availability ImpactHigh

ScopeUnchanged

Vector String

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploit Resources

Search for proof-of-concept code and exploit modules

GitHub Search Exploit-DB Nuclei Templates Metasploit Vulners

Official References

NIST NVD

Est. Bounty

$1,000($1K-$5K)

Vendor Response

Grade APatched in 1 day

Quick Information

Published

Mar 16, 2026

22 days ago

Last Modified

Mar 17, 2026

21 days ago

Vendor

openatom

Product

openharmony

Related Vulnerabilities

CVE-2025-52458High

This vulnerability allows a local attacker to run their own code within pre-installed apps on OpenHarmony devices, potentially leading to unauthorized access or control. However, it can only be exploited in specific situations where the attacker has local access to the device.

CVE-2025-41432High

This vulnerability allows a local attacker to run any code they want in pre-installed apps on OpenHarmony devices, which could lead to unauthorized actions or data access. However, the attack can only happen in specific situations where the attacker has physical access to the device.

CVE-2025-26474Low

This vulnerability allows a local attacker to manipulate input data, potentially leading to incorrect information being processed by the system. However, it can only be exploited in specific, limited situations where the attacker has local access to the device.

CVE-2025-12736Medium

This vulnerability allows a local attacker to access sensitive information that should not be visible, due to a flaw in how the system handles uninitialized resources. The attacker needs to have local access to the device running affected versions of OpenHarmony, specifically v5.0.3 or earlier.