CVE-2025-64313

5.3 MEDIUM

📋 TL;DR

This CVE describes a denial-of-service vulnerability in Huawei's office service. Successful exploitation could cause the service to become unresponsive or crash, affecting availability. Organizations using affected Huawei products with the office service enabled are at risk.

💻 Affected Systems

Products:
  • Huawei office service products (specific models not detailed in reference)
Versions: Not specified in provided reference
Operating Systems: Not specified
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability affects the office service component. Check Huawei's advisory for specific product models and versions.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete service outage of the office functionality, disrupting business operations that depend on this service.

🟠 Likely Case: Temporary service degradation or intermittent unavailability of office features.

🟢 If Mitigated: Minimal impact with proper network segmentation and rate limiting in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

CWE-362 indicates a race condition vulnerability, which typically requires precise timing and may be harder to exploit reliably.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in provided reference

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2025/11/

Restart Required: Yes

Instructions:

1. Check Huawei's advisory for affected products.
2. Download and apply the security update from Huawei.
3. Restart the affected service or system.

🔧 Temporary Workarounds

Network segmentation

Isolate the office service from untrusted networks to limit attack surface

Rate limiting

Implement rate limiting on office service endpoints to prevent DoS conditions

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the office service
  • Monitor service performance metrics and set up alerts for abnormal behavior patterns

🔍 How to Verify

Check if Vulnerable:

Check Huawei advisory for your specific product model and version

Check Version:

Check product documentation for version query commands specific to your Huawei device

Verify Fix Applied:

Verify that the office service version matches the patched version from Huawei's advisory

📡 Detection & Monitoring

Log Indicators:

  • Unusual service restart patterns
  • High error rates in office service logs
  • Performance degradation alerts

Network Indicators:

  • Abnormal traffic patterns to office service ports
  • Multiple rapid connection attempts

SIEM Query:

source="office_service" AND (event_type="crash" OR event_type="restart")
