Login Sign Up

CVE-2025-68964

6.2 MEDIUM
Denial of Service

📋 TL;DR

A data verification vulnerability in the HiView module could allow attackers to disrupt system availability by sending malformed data. This affects Huawei devices with the vulnerable HiView component. Users of affected Huawei products should apply patches immediately.

💻 Affected Systems

Products:
  • Huawei laptops
  • Huawei Vision devices
  • Huawei wearables
  • Other Huawei products with HiView module
Versions: Specific versions not detailed in references; check Huawei advisories
Operating Systems: HarmonyOS, Windows (for laptops), Android-based systems
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with HiView module enabled; exact configurations require checking Huawei bulletins

📦 What is this software?

Harmonyos by Huawei

View all CVEs affecting Harmonyos →

Harmonyos by Huawei

View all CVEs affecting Harmonyos →

Harmonyos by Huawei

View all CVEs affecting Harmonyos →

Harmonyos by Huawei

View all CVEs affecting Harmonyos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service disruption or system crash of affected Huawei devices

🟠

Likely Case

Temporary service interruption or degraded performance

🟢

If Mitigated

Minimal impact with proper network segmentation and monitoring

🌐 Internet-Facing: MEDIUM - Requires specific malformed data but could affect exposed services
🏢 Internal Only: MEDIUM - Internal attackers could disrupt local services

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

CWE-20 suggests improper input validation; exploitation requires crafting specific malformed data

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check specific Huawei bulletins for each product line

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2026/1/

Restart Required: Yes

Instructions:

1. Visit Huawei support bulletins for your device type
2. Download and apply the latest security update
3. Restart device after installation
4. Verify update applied successfully

🔧 Temporary Workarounds

Disable HiView module if not needed

all

Temporarily disable the vulnerable HiView component to reduce attack surface

Device-specific; check Huawei documentation for HiView disable procedures

Network segmentation

all

Isolate affected devices from untrusted networks

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure
  • Monitor for unusual system behavior or crashes related to HiView

🔍 How to Verify

Check if Vulnerable:

Check device firmware/software version against Huawei security bulletins

Check Version:

Device-specific; typically in Settings > About or system information

Verify Fix Applied:

Confirm installed version matches or exceeds patched version in Huawei advisories

📡 Detection & Monitoring

Log Indicators:

  • Unexpected HiView module crashes
  • System logs showing malformed data processing errors
  • Service interruption events

Network Indicators:

  • Unusual data patterns sent to HiView services
  • Traffic spikes to HiView ports

SIEM Query:

Search for 'HiView' AND (crash OR error OR failure) in system logs

📊 Metadata

CVE ID: CVE-2025-68964
CVSS v3 Score: 6.2 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-20
EPSS Score: 0.01% exploit probability (1.6th percentile)
Published: January 14, 2026
Last Updated: January 15, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-68964, you might also want to check these:

CVE-2022-47190 10.0

CVE-2022-47190 allows remote attackers to upload malicious firmware containing a webshell to Generex...

Same vulnerability type (CWE-20)
CVE-2024-3400 10.0

CVE-2024-3400 is a critical command injection vulnerability in Palo Alto Networks PAN-OS GlobalProte...

Same vulnerability type (CWE-20)
CVE-2023-42802 10.0

This critical vulnerability in GLPI allows attackers to upload malicious PHP files to unauthorized d...

Same vulnerability type (CWE-20)