OpenHarmony — Vulnerabilities & Security Advisories 167

Browse all 167 CVE security advisories affecting OpenHarmony. AI-powered Chinese analysis, POCs, and references for each vulnerability.

OpenHarmony is an open-source operating system designed for distributed scenarios across smart devices, IoT, and industrial applications. Its architecture emphasizes modularity and scalability, allowing developers to tailor the system for diverse hardware constraints. Historically, the project has faced 167 recorded Common Vulnerabilities and Exposures (CVEs), with recurring issues primarily involving buffer overflows, use-after-free errors, and improper input validation. These flaws often lead to remote code execution or privilege escalation, particularly within the device communication and permission management modules. While no single catastrophic incident has defined its history, the high volume of CVEs highlights challenges in maintaining rigorous security standards across its fragmented ecosystem. The project relies on community-driven patches and formal verification efforts to mitigate risks, though the complexity of its distributed nature continues to present significant attack surface challenges for security researchers and administrators alike.

Top products by OpenHarmony: OpenHarmony
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-6969 | ability_ability_runtime an improper input validation vulnerability — OpenHarmony | CWE-20 | 5.0 | Medium | 2026-03-16 |
| CVE-2025-26474 | communication_ipc an improper input validation vulnerability — OpenHarmony | CWE-20 | 3.3 | Low | 2026-03-16 |
| CVE-2025-52458 | arkcompiler_ets_runtime has an out-of-bounds write vulnerability — OpenHarmony | CWE-787 | 5.5 | Medium | 2026-03-16 |
| CVE-2025-41432 | arkcompiler_ets_runtime has an out-of-bounds write vulnerability — OpenHarmony | CWE-787 | 5.5 | Medium | 2026-03-16 |
| CVE-2025-25277 | arkcompiler_ets_runtime has a type confusion vulnerability — OpenHarmony | CWE-843 | 6.3 | Medium | 2026-03-16 |
| CVE-2025-12736 | multimedia_audio_standard has an insecure storage of sensitive information vulnerability — OpenHarmony | CWE-908 | 6.5 | Medium | 2026-03-16 |
| CVE-2026-0639 | liteos_a has a missing release of memory vulnerability — OpenHarmony | CWE-401 | 3.3 | Low | 2026-03-16 |
| CVE-2025-27562 | communication_dsoftbus has a missing release of memory vulnerability — OpenHarmony | CWE-401 | 3.3 | Low | 2025-08-11 |
| CVE-2025-27128 | liteos_a has an UAF vulnerability — OpenHarmony | CWE-416 | 8.4 | High | 2025-08-11 |
| CVE-2025-25212 | pasteboard has an improper input vulnerability — OpenHarmony | CWE-20 | 3.3 | Low | 2025-08-11 |
| CVE-2025-24844 | communication_dsoftbus has a missing release of memory vulnerability — OpenHarmony | CWE-401 | 3.3 | Low | 2025-08-11 |
| CVE-2025-27536 | arkcompiler_ets_runtime has a type confusion vulnerability — OpenHarmony | CWE-843 | 3.3 | Low | 2025-08-11 |
| CVE-2025-26690 | communication dsoftbus has a NULL pointer vulnerability — OpenHarmony | CWE-476 | 3.3 | Low | 2025-08-11 |
| CVE-2025-24925 | applications_settings has a missing release of memory vulnerability — OpenHarmony | CWE-401 | 3.3 | Low | 2025-08-11 |
| CVE-2025-24298 | liteos_a has an UAF vulnerability — OpenHarmony | CWE-416 | 8.4 | High | 2025-08-11 |
| CVE-2025-25278 | liteos_a has a race condition vulnerability — OpenHarmony | CWE-362 | 8.4 | High | 2025-08-11 |
| CVE-2025-27577 | liteos_a has a race condition vulnerability — OpenHarmony | CWE-362 | 8.4 | High | 2025-08-11 |
| CVE-2025-27247 | Pasteboard has an improper preservation of permissions vulnerability — OpenHarmony | CWE-281 | 5.5 | Medium | 2025-06-08 |
| CVE-2025-27242 | Ssecurity_component_manager has an improper input vulnerability — OpenHarmony | CWE-20 | 3.3 | Low | 2025-06-08 |
| CVE-2025-27563 | security_access_token has an improper preservation of permissions vulnerability — OpenHarmony | CWE-281 | 3.3 | Low | 2025-06-08 |
| CVE-2025-26693 | security_access_token has an improper preservation of permissions vulnerability — OpenHarmony | CWE-281 | 3.3 | Low | 2025-06-08 |
| CVE-2025-26691 | telephony_call_manager has an improper preservation of permissions vulnerability — OpenHarmony | CWE-281 | 5.5 | Medium | 2025-06-08 |
| CVE-2025-27131 | kernel_liteos_m has an improper input vulnerability — OpenHarmony | CWE-20 | 6.1 | Medium | 2025-06-08 |
| CVE-2025-24493 | kernel_liteos_a has a race condition vulnerability — OpenHarmony | CWE-362 | 5.5 | Medium | 2025-06-08 |
| CVE-2025-25217 | arkui_ace_engine has a NULL pointer dereference vulnerability — OpenHarmony | CWE-476 | 3.3 | Low | 2025-06-08 |
| CVE-2025-23235 | arkcompiler_ets_runtime has an out-of-bounds write vulnerability — OpenHarmony | CWE-125 | 3.3 | Low | 2025-06-08 |
| CVE-2025-21082 | arkui_ace_engine has a type confusion vulnerability — OpenHarmony | CWE-843 | 3.3 | Low | 2025-06-08 |
| CVE-2025-20063 | arkui_ace_engine has a type confusion vulnerability — OpenHarmony | CWE-843 | 3.3 | Low | 2025-06-08 |
| CVE-2025-25052 | arkcompiler_ets_runtime has a buffer overflow vulnerability — OpenHarmony | CWE-120 | 3.3 | Low | 2025-05-06 |
| CVE-2025-27241 | multimedia_av_codec has a NULL pointer dereference vulnerability — OpenHarmony | CWE-476 | 3.3 | Low | 2025-05-06 |

This page lists every published CVE security advisory associated with OpenHarmony. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.