CVE-2025-66331

3.3 LOW

📋 TL;DR

This CVE is a denial-of-service vulnerability in Huawei office services that lets attackers disrupt service availability. It affects Huawei products running vulnerable versions of the office software. Impact is limited to availability; there is no data compromise.

💻 Affected Systems

Products:
  • Huawei office services
Versions: Specific versions not detailed in bulletin; check Huawei advisory
Operating Systems: Not specified, likely multiple
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Huawei office service implementations; exact products and versions require checking the Huawei security bulletin

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete service outage making office services unavailable to all users

🟠 Likely Case: Temporary service disruption requiring restart of affected services

🟢 If Mitigated: Minimal impact with proper network segmentation and rate limiting

🌐 Internet-Facing: MEDIUM - Requires specific conditions but could affect externally accessible services
🏢 Internal Only: LOW - Typically requires internal network access and specific targeting

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

CWE-494 indicates download of code without integrity check; likely requires specific conditions to trigger DoS

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Huawei security bulletin for specific fixed versions

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2025/12/

Restart Required: Yes

Instructions:

1. Review Huawei security bulletin
2. Identify affected products
3. Apply recommended patches
4. Restart affected services

🔧 Temporary Workarounds

  • Network segmentation (all): Isolate office services from untrusted networks
  • Rate limiting (all): Implement request rate limiting on office service endpoints

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can access office services
  • Monitor service availability and implement automated restart procedures for service disruptions

🔍 How to Verify

Check if Vulnerable:

Check Huawei security bulletin and compare with your product versions

Check Version:

Product-specific; consult Huawei documentation

Verify Fix Applied:

Verify patch installation and test service functionality

📡 Detection & Monitoring

Log Indicators:

  • Unusual service restarts
  • High error rates in office service logs
  • Connection spikes to office services

Network Indicators:

  • Abnormal traffic patterns to office service ports
  • Repeated connection attempts

SIEM Query:

source="office-service" AND (event_type="error" OR event_type="restart") | stats count by src_ip
