Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-22835

Summary
Assigner-OpenHarmony
Assigner Org ID-0cf5dd6e-1214-4398-a481-30441e48fafd
Published At-04 Mar, 2025 | 03:44
Updated At-11 Mar, 2025 | 16:10
Rejected At-
Credits

Arkcompiler Ets Runtime has an out-of-bounds write vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:OpenHarmony
Assigner Org ID:0cf5dd6e-1214-4398-a481-30441e48fafd
Published At:04 Mar, 2025 | 03:44
Updated At:11 Mar, 2025 | 16:10
Rejected At:
â–¼CVE Numbering Authority (CNA)
Arkcompiler Ets Runtime has an out-of-bounds write vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.

Affected Products
Vendor
OpenHarmony (OpenAtom Foundation)OpenHarmony
Product
OpenHarmony
Default Status
unaffected
Versions
Affected
  • From v4.1.0 through v5.0.2 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-787CWE-787 Out-of-bounds Write
Type: CWE
CWE ID: CWE-787
Description: CWE-787 Out-of-bounds Write
Metrics
VersionBase scoreBase severityVector
3.13.8LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Version: 3.1
Base score: 3.8
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md
N/A
Hyperlink: https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:scy@openharmony.io
Published At:04 Mar, 2025 | 04:15
Updated At:04 Mar, 2025 | 04:15

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.13.8LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 3.8
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-787Primaryscy@openharmony.io
CWE ID: CWE-787
Type: Primary
Source: scy@openharmony.io
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.mdscy@openharmony.io
N/A
Hyperlink: https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md
Source: scy@openharmony.io
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

33Records found
CVE-2025-24309
Matching Score-10
Assigner-OpenHarmony
ShareView Details
Matching Score-10
Assigner-OpenHarmony
CVSS Score-3.8||LOW
EPSS-0.03% / 9.11%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-11 Mar, 2025 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an out-of-bounds write vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-23420
Matching Score-10
Assigner-OpenHarmony
ShareView Details
Matching Score-10
Assigner-OpenHarmony
CVSS Score-3.8||LOW
EPSS-0.03% / 9.11%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-11 Mar, 2025 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an out-of-bounds write vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-23240
Matching Score-10
Assigner-OpenHarmony
ShareView Details
Matching Score-10
Assigner-OpenHarmony
CVSS Score-3.8||LOW
EPSS-0.03% / 9.11%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-11 Mar, 2025 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an out-of-bounds write vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-24301
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.8||LOW
EPSS-0.04% / 11.28%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-11 Mar, 2025 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an UAF vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-416
Use After Free
CVE-2025-23409
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.8||LOW
EPSS-0.04% / 11.28%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-11 Mar, 2025 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Communication Dsoftbus has an UAF vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-416
Use After Free
CVE-2025-23414
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.8||LOW
EPSS-0.04% / 11.28%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-11 Mar, 2025 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an UAF vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-416
Use After Free
CVE-2025-21084
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.8||LOW
EPSS-0.03% / 9.11%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-04 Mar, 2025 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an NULL pointer dereference vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through through NULL pointer dereference.. This vulnerability can be exploited only in restricted scenarios.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-20024
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.8||LOW
EPSS-0.03% / 7.69%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-04 Mar, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an integer overflow vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow. This vulnerability can be exploited only in restricted scenarios.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-20626
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.8||LOW
EPSS-0.03% / 6.89%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-04 Mar, 2025 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an UAF vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-OpenHarmony
CWE ID-CWE-416
Use After Free
CVE-2025-20081
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.8||LOW
EPSS-0.03% / 7.69%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-04 Mar, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Communication Dsoftbus has an UAF vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-416
Use After Free
CVE-2025-20091
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.8||LOW
EPSS-0.03% / 6.89%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-04 Mar, 2025 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Communication Dsoftbus has an UAF vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-OpenHarmony
CWE ID-CWE-416
Use After Free
CVE-2025-0587
Matching Score-8
Assigner-OpenHarmony
ShareView Details
Matching Score-8
Assigner-OpenHarmony
CVSS Score-3.8||LOW
EPSS-0.03% / 6.89%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-11 Mar, 2025 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an integer overflow vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow. This vulnerability can be exploited only in restricted scenarios.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-47137
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-8.4||HIGH
EPSS-0.07% / 21.69%
||
7 Day CHG~0.00%
Published-05 Nov, 2024 | 08:01
Updated-06 Nov, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos_a has an out-of-bounds Write vulnerability

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through out-of-bounds write.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-36423
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-7.4||HIGH
EPSS-0.13% / 32.67%
||
7 Day CHG~0.00%
Published-09 Sep, 2022 | 14:39
Updated-17 Sep, 2024 | 04:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect configuration of the cJSON library lead a Stack overflow vulnerability during recursive parsing. LAN attackers can lead a DoS attack to all network devices.

OpenHarmony-v3.1.2 and prior versions have an incorrect configuration of the cJSON library, which leads a Stack overflow vulnerability during recursive parsing. LAN attackers can lead a DoS attack to all network devices.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-16
Not Available
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-47398
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-8.8||HIGH
EPSS-0.03% / 10.01%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 07:57
Updated-16 Oct, 2025 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos_a has an out-of-bounds write vulnerability

in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the device is unable to boot up through out-of-bounds write.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-47797
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-8.4||HIGH
EPSS-0.07% / 21.69%
||
7 Day CHG~0.00%
Published-05 Nov, 2024 | 08:01
Updated-06 Nov, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos_a has an out-of-bounds Write vulnerability

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through out-of-bounds write.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-3758
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 30.81%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 06:27
Updated-02 Jan, 2025 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hmdfs has a heap buffer overflow vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through heap buffer overflow.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-45382
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.04% / 13.10%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 03:03
Updated-16 Oct, 2024 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos_a has an Out-of-bounds Write vulnerability

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS through out-of-bounds write.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-36243
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-8.2||HIGH
EPSS-1.96% / 83.17%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 08:13
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an out-of-bounds read vulnerability

in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds read and write.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-24581
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.88%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 06:23
Updated-04 Mar, 2025 | 21:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler runtime has an out-of-bounds write vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution through out-of-bounds write.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-39816
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-8.4||HIGH
EPSS-0.12% / 30.95%
||
7 Day CHG~0.00%
Published-02 Sep, 2024 | 03:25
Updated-04 Sep, 2024 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an out-of-bounds write vulnerability

in OpenHarmony v4.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-38386
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-8.4||HIGH
EPSS-0.09% / 25.66%
||
7 Day CHG~0.00%
Published-02 Sep, 2024 | 03:25
Updated-04 Sep, 2024 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an out-of-bounds write vulnerability

in OpenHarmony v4.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-37185
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-8.2||HIGH
EPSS-1.96% / 83.17%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 08:14
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an out-of-bounds write vulnerability

in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-37077
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-8.2||HIGH
EPSS-1.96% / 83.17%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 08:14
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an out-of-bounds write vulnerability

in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-36260
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-8.2||HIGH
EPSS-1.96% / 83.17%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 08:13
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an out-of-bounds write vulnerability

in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-45734
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-4.2||MEDIUM
EPSS-0.04% / 10.31%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 06:19
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dsoftbus has an out-of-bounds write vulnerability

in OpenHarmony v3.2.4 and prior versions allow an adjacent attacker arbitrary code execution through out-of-bounds write.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-38701
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 13.31%
||
7 Day CHG~0.00%
Published-09 Sep, 2022 | 14:39
Updated-16 Sep, 2024 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IPC in communication subsystem has a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.

OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-45126
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-4||MEDIUM
EPSS-0.06% / 18.70%
||
7 Day CHG~0.00%
Published-09 Jan, 2023 | 02:22
Updated-09 Apr, 2025 | 13:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGettime.

Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGettime. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-43662
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-4||MEDIUM
EPSS-0.06% / 18.70%
||
7 Day CHG~0.00%
Published-09 Jan, 2023 | 02:23
Updated-09 Apr, 2025 | 14:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when call SysTimerGettime.

Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysTimerGettime. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-41802
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-4||MEDIUM
EPSS-0.06% / 19.17%
||
7 Day CHG~0.00%
Published-08 Dec, 2022 | 00:00
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres.

Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-41686
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-5.1||MEDIUM
EPSS-0.06% / 19.22%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 14:40
Updated-14 May, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bound memory read and write in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could read out-of-bound memory leading sensitive to information disclosure. The proc ...

OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could read out-of-bound memory leading sensitive to information disclosure. The processes with system user UID run on the device would be able to write out-of-bound memory which could lead to unspecified memory corruption.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-27132
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-3.8||LOW
EPSS-0.03% / 7.02%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 09:03
Updated-09 May, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
arkcompiler_ets_runtime has an out-of-bounds write vulnerability

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-24304
Matching Score-6
Assigner-OpenHarmony
ShareView Details
Matching Score-6
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.07% / 20.18%
||
7 Day CHG~0.00%
Published-07 Apr, 2025 | 02:35
Updated-16 Oct, 2025 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
arkcompiler_ets_runtime has an out-of-bounds write vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds write.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-787
Out-of-bounds Write
Details not found