CVE-2025-66323

5.3 MEDIUM

📋 TL;DR

This vulnerability involves improper security checks in Huawei's card module, allowing attackers to potentially disrupt system availability. It affects Huawei devices with the vulnerable card module component. The impact is primarily denial of service rather than data compromise.

💻 Affected Systems

Products:
  • Huawei devices with card module functionality
Versions: Specific versions not detailed in reference; check Huawei advisory
Operating Systems: Huawei proprietary systems
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Huawei products using the vulnerable card module; exact product list in Huawei advisory

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system unavailability or service disruption affecting critical functions

🟠 Likely Case: Temporary service interruption or degraded performance

🟢 If Mitigated: Minimal impact with proper network segmentation and monitoring

🌐 Internet-Facing: MEDIUM - Could be exploited if vulnerable service is exposed, but requires specific conditions
🏢 Internal Only: LOW - Requires internal network access and specific targeting

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires understanding of card module functionality and may need some authentication

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Huawei advisory for specific fixed versions

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2025/12/

Restart Required: Yes

Instructions:

1. Review Huawei advisory for affected products.
2. Download and apply security patches from Huawei.
3. Restart affected systems.
4. Verify patch installation.

🔧 Temporary Workarounds

  • Network segmentation (all): Isolate affected systems from untrusted networks
  • Access control restrictions (all): Limit access to card module functionality to authorized users only

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure
  • Monitor system logs for unusual card module activity

🔍 How to Verify

Check if Vulnerable:

Check Huawei advisory for affected product models and versions

Check Version:

Check device firmware/software version through Huawei management interface

Verify Fix Applied:

Verify patch version matches Huawei's fixed version list

📡 Detection & Monitoring

Log Indicators:

  • Unusual card module access attempts
  • Multiple failed card operations
  • System availability alerts

Network Indicators:

  • Unexpected traffic to card module ports
  • Anomalous patterns in card-related communications

SIEM Query:

Search for card module error codes or access patterns outside normal baselines
