CVE-2025-0304 – OpenHarmony Privilege Escalation and Information Disclosure Vulnerability
The following table lists the changes that have been made to the CVE-2025-0304 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics.
-
New CVE Received by [email protected]
Feb. 07, 2025
Action Type Old Value New Value Added Description in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through use after free. Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Added CWE CWE-416 Added Reference https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-02.md