CVE-2025-64311

5.1 MEDIUM

📋 TL;DR

A permission control vulnerability in Huawei's Notepad module could allow unauthorized access to sensitive information. This affects Huawei device users who have the vulnerable Notepad application installed. The vulnerability impacts service confidentiality by potentially exposing private notes.

💻 Affected Systems

Products:
  • Huawei devices with Notepad application
Versions: Specific versions not detailed in reference; check Huawei advisory for affected versions
Operating Systems: HarmonyOS, Android-based Huawei systems
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Huawei devices with the vulnerable Notepad module. Users should check the Huawei advisory for specific device models and software versions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker gains unauthorized access to all private notes stored in the Notepad application, potentially exposing sensitive personal or business information.

🟠 Likely Case

Limited unauthorized access to some notes or metadata through improper permission controls, potentially exposing private information.

🟢 If Mitigated

No data exposure occurs due to proper access controls and isolation between user accounts and applications.

🌐 Internet-Facing: LOW - This appears to be a local application vulnerability requiring access to the device.
🏢 Internal Only: MEDIUM - Could be exploited by malicious apps or users with physical/network access to the device.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation likely requires some level of access to the device. The CWE-200 classification suggests information exposure through improper permission controls.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Huawei security bulletin for specific patched versions

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2025/11/

Restart Required: Yes

Instructions:

1. Check Huawei security bulletin for affected devices.
2. Update device software through Settings > System & updates > Software update.
3. Apply any available security patches.
4. Restart device after update.

🔧 Temporary Workarounds

Disable Notepad or restrict permissions

all

Temporarily disable the Notepad application or restrict its permissions until the patch is applied

Use alternative note-taking apps

all

Switch to third-party note applications with proper security controls

🧯 If You Can't Patch

  • Isolate affected devices from sensitive networks
  • Implement strict access controls and monitor for unusual Notepad access patterns

🔍 How to Verify

Check if Vulnerable:

Check device software version in Settings > About phone > Software information and compare against Huawei security bulletin

Check Version:

Settings > About phone > Software information (device-specific)

Verify Fix Applied:

Verify that the software version after the update matches the patched version in the Huawei advisory

📡 Detection & Monitoring

Log Indicators:

  • Unusual Notepad access patterns
  • Permission violation logs
  • Unauthorized access attempts to note storage

Network Indicators:

  • Unusual data exfiltration from device
  • Suspicious inter-app communication

SIEM Query:

Search for Notepad permission violations or unusual access patterns in device logs
