CVE-2025-68966

5.1 MEDIUM

📋 TL;DR

A permission control vulnerability in Huawei's Notepad module could allow unauthorized access to sensitive information. This affects Huawei consumer devices with the vulnerable Notepad software installed. The vulnerability impacts service confidentiality by potentially exposing user data.

💻 Affected Systems

Products:
  • Huawei consumer devices with Notepad module
Versions: Specific versions not provided in references; check Huawei bulletins for exact affected versions
Operating Systems: HarmonyOS, Android-based Huawei systems
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Huawei consumer devices including phones, tablets, laptops, and Vision devices as indicated in the bulletin URLs.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers could access confidential notes, personal information, or sensitive data stored in the Notepad application without authorization.

🟠 Likely Case: Local users or malicious applications could bypass intended permission controls to read Notepad content they shouldn't have access to.

🟢 If Mitigated: With proper access controls and isolation, the impact would be limited to non-sensitive data or prevented entirely.

🌐 Internet-Facing: LOW - This appears to be a local permission issue requiring access to the device.
🏢 Internal Only: MEDIUM - Internal users or applications could exploit this to access unauthorized Notepad data on affected devices.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation likely requires some level of access to the device. The CWE-200 classification suggests information exposure through improper permissions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Huawei security bulletins for specific patched versions

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2026/1/

Restart Required: Yes

Instructions:

1. Check for updates in device settings.
2. Apply the latest security update from Huawei.
3. Restart the device after installation.
4. Verify the update was successful.

🔧 Temporary Workarounds

  • Disable Notepad or restrict permissions (all): Temporarily disable the Notepad application or restrict its permissions until patched
  • Avoid sensitive data in Notepad (all): Do not store confidential or sensitive information in the Notepad application

🧯 If You Can't Patch

  • Implement strict access controls and monitor for unusual Notepad access patterns
  • Isolate affected devices from sensitive networks and data

🔍 How to Verify

Check if Vulnerable:

Check device software version against Huawei's security bulletins for affected versions

Check Version:

Check in device Settings > About phone/device > Software information

Verify Fix Applied:

Verify the installed software version matches or exceeds the patched version listed in Huawei advisories

📡 Detection & Monitoring

Log Indicators:

  • Unusual Notepad access patterns
  • Permission violation logs
  • Unauthorized access attempts to Notepad data

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

Look for Notepad permission errors or unusual access patterns in application logs
