CVE-2025-58307

6.4 MEDIUM

📋 TL;DR

A use-after-free vulnerability in the screen recording framework module could allow an attacker to crash an affected system, impacting availability. It affects Huawei devices with vulnerable screen recording components.

💻 Affected Systems

Products:
  • Huawei devices with screen recording framework
Versions: Specific versions not detailed in reference; check Huawei advisory for exact ranges
Operating Systems: HarmonyOS, Android-based Huawei systems
Default Config Vulnerable: ⚠️ Yes
Notes: Devices with screen recording functionality enabled are vulnerable. Exact product list requires checking Huawei's detailed advisory.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system crash or denial of service, potentially requiring device restart and causing data loss in active sessions.
🟠 Likely Case: Application crash affecting screen recording functionality and potentially related services.
🟢 If Mitigated: Minimal impact with proper patching and security controls in place.

🌐 Internet-Facing: LOW - This appears to be a local vulnerability requiring access to the device.
🏢 Internal Only: MEDIUM - Could be exploited by malicious apps or users with device access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

UAF vulnerabilities typically require specific conditions to trigger. Exploitation likely requires local access or malicious app installation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Huawei security bulletin for specific fixed versions

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2025/11/

Restart Required: Yes

Instructions:

1. Check Huawei security advisory for affected devices.
2. Apply latest security updates via Settings > System & updates > Software update.
3. Restart device after update completes.

🔧 Temporary Workarounds

  • Disable screen recording (all): Temporarily disable screen recording functionality to reduce attack surface
  • Restrict app permissions (all): Review and restrict screen recording permissions for apps

🧯 If You Can't Patch

  • Isolate affected devices from critical networks
  • Implement application allowlisting to prevent unauthorized app execution

🔍 How to Verify

Check if Vulnerable:

Check device model and software version against Huawei's security advisory list

Check Version:

Settings > About phone > Software information

Verify Fix Applied:

Verify software version matches or exceeds patched version in Huawei advisory

📡 Detection & Monitoring

Log Indicators:

  • Unexpected screen recording service crashes
  • Memory access violation logs in system logs

Network Indicators:

  • None - local vulnerability

SIEM Query:

Search for screen recording service crashes or memory violation events in device logs
