CVE-2025-68965

4.7 MEDIUM

📋 TL;DR

A permission control vulnerability in Huawei's Notepad module could allow unauthorized access to sensitive information. This affects users of Huawei consumer devices with the vulnerable Notepad software. The vulnerability impacts service confidentiality by potentially exposing private notes.

💻 Affected Systems

Products:
  • Huawei consumer devices with Notepad module
Versions: Specific versions not detailed in provided references; check Huawei advisories for exact affected versions
Operating Systems: HarmonyOS, Android-based Huawei systems
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Huawei smartphones, tablets, laptops, and Vision devices with vulnerable Notepad software versions

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker gains unauthorized access to all notes containing sensitive personal or business information stored in the Notepad application.

🟠 Likely Case

Limited unauthorized access to some notes, potentially exposing personal information or credentials stored in plain text.

🟢 If Mitigated

With proper access controls and patching, the vulnerability cannot be exploited and note confidentiality is maintained.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation likely requires some level of access to the device or application context

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Huawei security bulletins for specific patched versions

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2026/1/

Restart Required: Yes

Instructions:

1. Check for system updates in device settings.
2. Install available security updates.
3. Restart device after update installation.

🔧 Temporary Workarounds

  • Disable Notepad or restrict permissions (all): Temporarily disable the Notepad app or restrict its permissions until patched
  • Avoid storing sensitive information (all): Do not store passwords, credentials, or sensitive personal data in Notepad

🧯 If You Can't Patch

  • Implement strict access controls and monitoring on affected devices
  • Isolate affected devices from sensitive networks and data

🔍 How to Verify

Check if Vulnerable:

Check device software version against Huawei's security bulletins for affected versions

Check Version:

Check device settings > About phone > Software information

Verify Fix Applied:

Verify device has installed the latest security updates and Notepad version is updated

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to Notepad data files
  • Permission denial logs for Notepad operations

Network Indicators:

  • Unusual data exfiltration from device if exploited

SIEM Query:

Search for Notepad permission errors or unauthorized file access events
