CVE-2023-52537

7.5 HIGH

📋 TL;DR

Package name verification in the HwIms module on Huawei devices running HarmonyOS can be bypassed. The vendor description states only that successful exploitation may affect availability, so the expected outcome is service disruption or a crash of the IMS-related functionality rather than data exposure. It affects Huawei smartphone and tablet users on HarmonyOS builds that predate the fix.

💻 Affected Systems

Products:
  • Huawei smartphones
  • Huawei tablets
Versions: HarmonyOS versions prior to security updates released in March 2024
Operating Systems: HarmonyOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with the vulnerable HwIms module. Exact device models should be verified via Huawei security bulletins.

📦 What is this software?

HwIms is the IMS (IP Multimedia Subsystem) module on Huawei HarmonyOS devices. IMS is the signalling framework behind VoLTE and VoWiFi calling and IP-based messaging, so a denial of service in this module shows up as lost calling or messaging functionality rather than a data exposure.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system unavailability or crash, rendering the device unusable until reboot or recovery.

🟠 Likely Case: Service disruption in the IMS module affecting telephony or messaging functionality.

🟢 If Mitigated: Minimal impact with proper security controls and updated software.

🌐 Internet-Facing: LOW - The vendor description does not state the attack vector; this page assumes a local vulnerability requiring device access. Note the tension with the 7.5 score: if that is a CVSS v3 base score, an availability-only impact reaches 7.5 only with a network attack vector, low complexity and no privileges required, so the local-only assumption is unconfirmed.
🏢 Internal Only: MEDIUM - Could be exploited by malicious apps or users with device access.

🎯 Exploit Status

Public PoC: No
Weaponized: Unknown
Unauthenticated Exploit: Not established
Complexity: MEDIUM

Exploitation likely requires local access or installation of a malicious app, assuming the vulnerability is local. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: HarmonyOS security updates from March 2024

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2024/3/

Restart Required: Yes

Instructions:

1. Check for system updates in device Settings > System & updates > Software update.
2. Download and install the available security updates.
3. Restart the device when prompted.

🔧 Temporary Workarounds

Restrict app installations (all): Only install apps from trusted sources such as Huawei AppGallery.

Disable unknown sources (all): Prevent installation of apps from unknown sources.

Both workarounds only narrow the malicious-app path to the vulnerable module; they give no protection if the flaw turns out to be reachable over the network, and neither is a substitute for the vendor update.

🧯 If You Can't Patch

  • Monitor device for unusual behavior or crashes
  • Limit device access to trusted users only

🔍 How to Verify

Check if Vulnerable:

Check HarmonyOS version in Settings > About phone > HarmonyOS version. Compare with patched versions in Huawei security bulletins.

Check Version:

Not applicable - check via device Settings interface

Verify Fix Applied:

Verify HarmonyOS version is updated to March 2024 security patch or later.
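Checking the Settings screen does not scale past a handful of devices. The script below is an added example, not code from this page or from Huawei: it reads each connected device's security patch level over adb and reports whether the build predates the fix level. It assumes that the Android-based HarmonyOS 2.x to 4.x builds expose the standard ro.build.version.security_patch property through getprop, that hw_sc.build.platform.version carries the HarmonyOS version string (shown for convenience only), and it takes 2024-03-01 as the fix level from this page's "March 2024" statement, which you should confirm against the Huawei bulletin before relying on it.

```shell
#!/bin/sh
# Added example (not from the Huawei bulletin or this page): fleet check for
# CVE-2023-52537 that reads each device's security patch level over adb and
# flags builds older than the fix level.
#
# Assumptions, labelled because the page does not state them:
#  - Android-based HarmonyOS 2.x-4.x builds expose the standard
#    ro.build.version.security_patch property (YYYY-MM-DD) via getprop.
#  - hw_sc.build.platform.version carries the HarmonyOS version string; it is
#    displayed only and never used for the vulnerable/patched decision.
#  - FIX_PATCH_LEVEL follows this page's "March 2024" statement; confirm the
#    exact level in the vendor bulletin.

FIX_PATCH_LEVEL="2024-03-01"

# getprop_value NAME : read one property out of a full `getprop` dump on stdin.
# getprop prints each entry as "[name]: [value]".
getprop_value() {
    grep -F "[$1]: [" | head -n 1 | sed 's/^[^]]*\]: \[//; s/\]$//'
}

# patch_status LEVEL [FIX] : prints "patched", "vulnerable" or "unknown".
# Patch levels are ISO dates, so stripping the dashes gives an integer that
# orders the same way the dates do (20240201 < 20240301).
patch_status() {
    level="$1"
    fix="${2:-$FIX_PATCH_LEVEL}"
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo unknown; return 0 ;;
    esac
    if [ "$(printf '%s' "$level" | tr -d '-')" -lt "$(printf '%s' "$fix" | tr -d '-')" ]; then
        echo vulnerable
    else
        echo patched
    fi
}

# assess_dump LABEL < getprop_dump : print one report line for a device.
assess_dump() {
    dump=$(cat)
    level=$(printf '%s\n' "$dump" | getprop_value ro.build.version.security_patch)
    hmos=$(printf '%s\n' "$dump" | getprop_value hw_sc.build.platform.version)
    status=$(patch_status "${level:-none}")
    printf '%s\tHarmonyOS %s\tpatch %s\t%s\n' "$1" "${hmos:-?}" "${level:-?}" "$status"
}

# scan_fleet : run the check against every device adb currently sees.
scan_fleet() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' | while read -r serial; do
        adb -s "$serial" shell getprop | tr -d '\r' | assess_dump "$serial"
    done
}

# Constructed sample getprop dump (not captured from a real device) so the
# parsing can be exercised without a phone attached.
SAMPLE_DUMP='[ro.build.version.security_patch]: [2024-02-01]
[hw_sc.build.platform.version]: [3.0.0]
[ro.product.model]: [EXAMPLE-MODEL]'

if [ "${1:-}" = "scan" ]; then
    scan_fleet
elif [ "${1:-}" = "demo" ]; then
    printf '%s\n' "$SAMPLE_DUMP" | assess_dump SAMPLE
fi
```

Run `sh check_hwims.sh scan` with devices attached and USB debugging enabled, or `sh check_hwims.sh demo` to see the report line for the constructed sample (which is reported as vulnerable). A patch level later than the fix date also counts as patched, since builds may ship a newer level than the one the fix first appeared in; a missing or malformed property is reported as unknown rather than silently passed.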

📡 Detection & Monitoring

Log Indicators:

  • Unexpected HwIms module crashes
  • Package verification failures in system logs

Network Indicators:

  • None - local vulnerability

SIEM Query:

Not applicable for typical mobile device environments
