CVE-2025-66334

3.3 LOW

📋 TL;DR

This CVE describes a denial of service vulnerability in Huawei office services where attackers can disrupt service availability. The vulnerability affects Huawei office products and services, potentially impacting organizations using these systems. The low CVSS score suggests limited impact scope.

💻 Affected Systems

Products:
  • Huawei office services
Versions: Specific versions not detailed in provided reference
Operating Systems: Not specified
Default Config Vulnerable: ⚠️ Yes
Notes: Exact product names and versions require checking Huawei's official advisory

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service disruption making office services unavailable to all users

🟠 Likely Case

Temporary service degradation or intermittent outages affecting productivity

🟢 If Mitigated

Minimal impact with proper network segmentation and rate limiting

🌐 Internet-Facing: MEDIUM - Services exposed to internet could be targeted for disruption
🏢 Internal Only: LOW - Internal attackers could cause localized disruption

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

The CWE-494 classification suggests a download of code without an integrity check, but the exact exploitation method is not detailed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in provided information

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2025/12/

Restart Required: Yes

Instructions:

1. Check Huawei advisory for affected versions
2. Apply recommended patches
3. Restart affected services
4. Verify patch application

🔧 Temporary Workarounds

Network segmentation

all

Isolate office services from untrusted networks

Rate limiting

all

Implement request rate limiting on office service endpoints

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach office services
  • Deploy WAF or IPS with DoS protection rules for office service endpoints

🔍 How to Verify

Check if Vulnerable:

Check Huawei advisory for specific product versions and compare with your deployment

Check Version:

Varies by specific Huawei product - consult product documentation

Verify Fix Applied:

Verify patch version matches Huawei's recommended version and test service functionality

📡 Detection & Monitoring

Log Indicators:

  • Unusual spike in office service requests
  • Service restart events
  • Error logs indicating resource exhaustion

Network Indicators:

  • Abnormal traffic patterns to office service ports
  • Multiple failed connection attempts

SIEM Query:

source="office-service" AND (event_type="error" OR request_count > threshold)
