CVE-2025-0304

8.8 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability in OpenHarmony that allows a local attacker to escalate from common permissions to root privileges and to leak sensitive information. It affects OpenHarmony v4.1.2 and earlier versions. The vulnerability requires local access to the system.

💻 Affected Systems

Products:
  • OpenHarmony
Versions: v4.1.2 and prior versions
Operating Systems: OpenHarmony-based systems
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected OpenHarmony versions are vulnerable. The vulnerability requires local access to exploit.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise with root access, allowing installation of persistent malware, data exfiltration, and disabling of security controls.

🟠 Likely Case: Local privilege escalation leading to unauthorized access to sensitive data and system resources that should be restricted.

🟢 If Mitigated: Limited impact if proper access controls and privilege separation are implemented, though information leakage may still occur.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local system access.
🏢 Internal Only: HIGH - Any user with local access could potentially exploit this to gain root privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and knowledge of the use-after-free condition. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: OpenHarmony v4.1.3 or later

Vendor Advisory: https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-02.md

Restart Required: No

Instructions:

1. Check current OpenHarmony version.
2. Update to OpenHarmony v4.1.3 or later.
3. Apply the security patch through official update channels.
4. Verify the update was successful.

🔧 Temporary Workarounds

Restrict local user access

all

Limit local user accounts to only trusted personnel and implement strict access controls

Implement privilege separation

all

Ensure proper privilege separation between user processes and system processes

🧯 If You Can't Patch

  • Implement strict access controls to limit local user access to vulnerable systems
  • Monitor for suspicious privilege escalation attempts and implement enhanced logging

🔍 How to Verify

Check if Vulnerable:

Check the OpenHarmony version using the 'getprop ro.build.version.ohos' command. If the version is 4.1.2 or earlier, the system is vulnerable.

Check Version:

getprop ro.build.version.ohos

Verify Fix Applied:

After updating, verify that the version is 4.1.3 or later using the 'getprop ro.build.version.ohos' command.
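
A version gate for the check described above, as an added example (not from the advisory or the OpenHarmony project). It compares components numerically, because a plain string comparison would rank 4.10.0 below 4.1.3; the sample strings are constructed, and the exact output format of the property is an assumption.

```shell
#!/bin/sh
FIXED_VERSION="4.1.3"   # first fixed release per the advisory text on this page

# Print the first dotted numeric run found in a string, e.g. "4.1.2.5".
# ASSUMPTION: the property value contains such a run; the real output
# format of 'getprop ro.build.version.ohos' is not shown on this page.
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*$/\1/p'
}

# Compare two dotted versions numerically, component by component.
# Prints -1, 0 or 1. Missing components count as 0 (4.1 equals 4.1.0).
version_cmp() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        x="${a%%.*}"; y="${b%%.*}"
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
        x="${x:-0}"; y="${y:-0}"
        if [ "$x" -lt "$y" ]; then echo -1; return; fi
        if [ "$x" -gt "$y" ]; then echo 1; return; fi
    done
    echo 0
}

# Print VULNERABLE, PATCHED or UNKNOWN for a reported version string.
# UNKNOWN means no version could be parsed and the device needs a manual look.
classify_ohos() {
    v="$(extract_version "$1")"
    [ -n "$v" ] || { echo UNKNOWN; return; }
    if [ "$(version_cmp "$v" "$FIXED_VERSION")" -lt 0 ]; then
        echo VULNERABLE
    else
        echo PATCHED
    fi
}

# Constructed sample values (not real device output).
for s in "OpenHarmony-4.1.2.5" "4.1.3" "OpenHarmony 4.10.0" "3.2" ""; do
    printf '%-24s %s\n' "[$s]" "$(classify_ohos "$s")"
done
```

On a device, the same function can be fed the live value: classify_ohos "$(getprop ro.build.version.ohos)".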

📡 Detection & Monitoring

Log Indicators:

  • Unexpected privilege escalation events
  • Processes running with unexpected root privileges
  • Access to sensitive system files by non-privileged users

Network Indicators:

  • Unusual outbound connections from system processes
  • Data exfiltration patterns

SIEM Query:

process:privilege_escalation AND os:openharmony AND version:<=4.1.2
