CVE-2023-25176

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published: Mar 4, 2024
Updated: Dec 16, 2024
CWE ID: 125

Summary

CVE-2023-25176 is a newly disclosed out-of-bounds read vulnerability affecting OpenHarmony versions 3.2.4 and prior. A local attacker can exploit it to leak sensitive information from the affected system. Successful exploitation does not require privileged access or network connectivity beyond the local host, making it a significant threat for organizations and individuals using OpenHarmony. The vulnerability stems from improper input validation, which allows attackers to read memory beyond designated boundaries. To mitigate this risk, users should update to the latest OpenHarmony version as soon as possible and apply the relevant security patches.
