CVE-2025-66332

3.3 LOW

📋 TL;DR

This CVE describes a denial of service vulnerability in Huawei office services where specially crafted requests could cause service disruption. The vulnerability affects Huawei products with office service components. Successful exploitation impacts availability but does not compromise confidentiality or integrity.

💻 Affected Systems

Products:
  • Huawei office service components
Versions: Specific versions not detailed in provided reference
Operating Systems: Not specified in provided information
Default Config Vulnerable: ⚠️ Yes
Notes: Check Huawei security bulletin for specific affected products and versions

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service outage of affected office services, disrupting business operations until service restart

🟠 Likely Case

Temporary service degradation or crashes requiring manual intervention to restore functionality

🟢 If Mitigated

Minimal impact with proper network segmentation and request filtering in place

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The CWE-494 classification (Download of Code Without Integrity Check) suggests that code is downloaded without an integrity check, potentially allowing DoS through malicious payloads.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Huawei security bulletin for specific fixed versions

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2025/12/

Restart Required: Yes

Instructions:

1. Review Huawei security bulletin for affected products
2. Apply recommended patches or updates
3. Restart affected services
4. Verify service functionality

🔧 Temporary Workarounds

Network segmentation

all

Restrict access to office services to trusted networks only

Request filtering

all

Implement input validation and filtering for office service requests

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure
  • Monitor service health and implement automated restart procedures for crashes

🔍 How to Verify

Check if Vulnerable:

Check Huawei security bulletin for affected product versions and compare with your deployed versions

Check Version:

Product-specific - consult Huawei documentation for version checking commands

Verify Fix Applied:

Verify applied patch version matches or exceeds recommended version in Huawei advisory

📡 Detection & Monitoring

Log Indicators:

  • Unexpected service crashes
  • Abnormal request patterns to office services
  • Service restart events

Network Indicators:

  • Unusual traffic spikes to office service ports
  • Requests with malformed patterns

SIEM Query:

Example: (event_category:service_crash AND service_name:office*) OR (destination_port:office_service_port AND request_size:abnormal)
