CVE-2025-58304

4.9 MEDIUM

📋 TL;DR

A permission control vulnerability in the file management module could allow unauthorized access to sensitive files. This affects Huawei products with the vulnerable file management module, potentially exposing confidential service data to attackers.

💻 Affected Systems

Products:
  • Huawei products with vulnerable file management module
Versions: Specific versions not detailed in advisory
Operating Systems: Not specified
Default Config Vulnerable: ⚠️ Yes
Notes: Check Huawei security bulletin for specific affected products and versions

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain unauthorized access to sensitive configuration files, credentials, or user data, leading to data breach and potential lateral movement.

🟠 Likely Case

Local authenticated users or attackers with initial access can escalate privileges or access files beyond their intended permissions.

🟢 If Mitigated

With proper access controls and monitoring, impact is limited to minor information disclosure with no system compromise.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation likely requires some level of access to the system.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: See Huawei security bulletin for specific fixed versions

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2025/11/

Restart Required: Yes

Instructions:

1. Check Huawei security bulletin for affected products.
2. Apply recommended security updates.
3. Restart affected services/systems.

🔧 Temporary Workarounds

Restrict file permissions

linux

Manually review and tighten file permissions on sensitive directories

chmod 600 sensitive_file.txt
chown root:root sensitive_directory

Implement access controls

linux

Use additional access control mechanisms like SELinux or AppArmor

setenforce 1
aa-enforce /path/to/profile

🧯 If You Can't Patch

  • Implement strict file permission auditing and monitoring
  • Isolate affected systems from sensitive networks and data

🔍 How to Verify

Check if Vulnerable:

Check system version against Huawei security bulletin

Check Version:

Check product-specific version command (varies by Huawei product)

Verify Fix Applied:

Verify updated version and test file access controls

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized file access attempts
  • Permission change events
  • Failed access control checks

Network Indicators:

  • Unusual file transfer patterns from affected systems

SIEM Query:

source="file_access_logs" AND (event_type="permission_violation" OR user="unauthorized")
