Login Sign Up

CVE-2025-58294

6.2 MEDIUM

📋 TL;DR

A permission control vulnerability in the print module allows unauthorized access to sensitive information. This affects systems running vulnerable Huawei software versions where the print service is enabled. Attackers could potentially access confidential data through improper permission checks.

💻 Affected Systems

Products:
  • Huawei products with vulnerable print modules
Versions: Specific versions not detailed in provided reference; check Huawei advisory
Operating Systems: Multiple - depends on specific Huawei product implementation
Default Config Vulnerable: ⚠️ Yes
Notes: Requires print module/service to be enabled and accessible

📦 What is this software?

Harmonyos by Huawei

View all CVEs affecting Harmonyos →

Harmonyos by Huawei

View all CVEs affecting Harmonyos →

Harmonyos by Huawei

View all CVEs affecting Harmonyos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Unauthorized disclosure of sensitive printed documents or system information to attackers

🟠

Likely Case

Limited information disclosure from print jobs or print service metadata

🟢

If Mitigated

No impact if proper access controls and network segmentation are implemented

🌐 Internet-Facing: MEDIUM - Print services are often exposed internally but less commonly internet-facing
🏢 Internal Only: MEDIUM - Internal attackers or compromised accounts could exploit this vulnerability

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Likely requires some level of access to the system or network

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Huawei security advisory for specific fixed versions

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2025/11/

Restart Required: Yes

Instructions:

1. Review Huawei security advisory 2. Identify affected products/versions 3. Apply vendor-provided patches 4. Restart affected services/systems 5. Verify patch application

🔧 Temporary Workarounds

Disable print service

linux

Temporarily disable the vulnerable print module/service

systemctl stop [print-service-name]
systemctl disable [print-service-name]

Network segmentation

linux

Restrict network access to print services

iptables -A INPUT -p tcp --dport [print-port] -j DROP
firewall-cmd --permanent --remove-service=ipp

🧯 If You Can't Patch

  • Implement strict access controls and authentication for print services
  • Monitor print service logs for unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Check system version against Huawei advisory and verify print service is running

Check Version:

Check product-specific version command (varies by Huawei product)

Verify Fix Applied:

Verify patch version installed and test print service functionality with proper permissions

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to print services
  • Failed authentication to print module
  • Unusual print job requests

Network Indicators:

  • Unexpected connections to print service ports
  • Traffic to print services from unauthorized sources

SIEM Query:

source="print-service" AND (event_type="access_denied" OR user="unknown")

📊 Metadata

CVE ID: CVE-2025-58294
CVSS v3 Score: 6.2 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-264
EPSS Score: 0.01% exploit probability (0.7th percentile)
Published: November 28, 2025
Last Updated: December 2, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-58294, you might also want to check these:

CVE-2021-36879 9.8

This vulnerability allows unauthenticated attackers to escalate privileges in WordPress sites using ...

Same vulnerability type (CWE-264)
CVE-2022-36246 9.8

Shop Beat Media Player versions 2.5.95 through 3.2.57 have insecure permissions that allow unauthori...

Same vulnerability type (CWE-264)
CVE-2022-33198 9.8

This vulnerability allows unauthenticated attackers to modify WordPress options through the Accordio...

Same vulnerability type (CWE-264)