CVE-2023-52953

Medium

Published: 08 January 2025

Published

08 January 2025

Modified

13 January 2025

KEV Added

—

Patch

—

CVSS Score 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.0013 31.4th percentile

Risk Priority 12 60% EPSS · 20% KEV · 20% CVSS

Description

Path traversal vulnerability in the Medialibrary module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

Security Summary

CVE-2023-52953 is a path traversal vulnerability (CWE-22) in the Medialibrary module. Successful exploitation affects integrity and confidentiality, with a CVSS v3.1 base score of 6.2 (AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). The vulnerability was published on 2025-01-08.

A local attacker can exploit this vulnerability with low attack complexity, requiring no privileges or user interaction. Exploitation leads to high-impact disruption of availability, alongside effects on integrity and confidentiality as stated in the description.

The Huawei consumer support bulletin provides details on mitigation: https://consumer.huawei.com/en/support/bulletin/2025/1/.

Details

CWE(s): CWE-22

Affected Products

huawei

emui

12.0.0, 13.0.0

huawei

harmonyos

2.0.0, 2.1.0, 3.0.0

References

https://consumer.huawei.com/en/support/bulletin/2025/1/
Vendor Advisory · psirt@huawei.com