Vulnerabilities > CVE-2025-20081 - Use After Free vulnerability in Openatom Openharmony

CVSS 5.3 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

LOW

local

low complexity

openatom

CWE-416

NVD

Published: 2025-03-04

Updated: 2025-03-04

Summary

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.

Vulnerable Configurations

Part	Description	Count
OS	Openatom Openatom Openharmony 4.1 Openatom Openharmony 4.1.0 Openatom Openharmony 4.1.1 Openatom Openharmony 4.1.2 Openatom Openharmony 4.1.3 Openatom Openharmony 5.0 Openatom Openharmony 5.0.1 Openatom Openharmony 5.0.2	10

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md