CVE-2025-58303

8.4 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability in the screen recording framework module that could allow attackers to crash affected systems, potentially causing denial of service. The vulnerability affects Huawei devices with specific software versions. Successful exploitation could disrupt device functionality and availability.

💻 Affected Systems

Products:
  • Huawei smartphones and tablets
Versions: Specific versions mentioned in Huawei security bulletin (check advisory for exact ranges)
Operating Systems: HarmonyOS, Android-based Huawei EMUI
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with screen recording functionality enabled. Check Huawei advisory for specific model and version details.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system crash or freeze requiring hard reboot, potentially causing data loss or service disruption

🟠 Likely Case

Application crash affecting screen recording functionality and related services

🟢 If Mitigated

Minimal impact with proper patch management and security controls in place

🌐 Internet-Facing: LOW (requires local access or malicious app installation)
🏢 Internal Only: MEDIUM (could be exploited by malicious apps or users with device access)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access or malicious app installation. No public exploit code known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Huawei security bulletin for specific patched versions

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2025/11/

Restart Required: Yes

Instructions:

1. Check Huawei security bulletin for affected devices.
2. Navigate to Settings > System & updates > Software update.
3. Download and install latest security update.
4. Restart device after installation.

🔧 Temporary Workarounds

Disable screen recording permissions

Restrict screen recording functionality to prevent exploitation

Restrict app installations

Only install apps from trusted sources to prevent malicious exploitation

🧯 If You Can't Patch

  • Implement application allowlisting to prevent unauthorized app execution
  • Monitor for abnormal system behavior or crashes related to screen recording

🔍 How to Verify

Check if Vulnerable:

Check device model and software version against Huawei security bulletin

Check Version:

Settings > About phone > Build number / Software version

Verify Fix Applied:

Verify software version after update matches patched version in advisory

📡 Detection & Monitoring

Log Indicators:

  • Unexpected screen recording service crashes
  • Memory access violation logs
  • System stability issues

Network Indicators:

  • No network indicators for this local vulnerability

SIEM Query:

Search for: 'screen recording crash' OR 'UAF' OR 'memory violation' in system logs
