CVE-2024-57954

Medium

Published: 06 February 2025

Published

06 February 2025

Modified

26 September 2025

KEV Added

—

Patch

—

CVSS Score 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score 0.0004 12.0th percentile

Risk Priority 12 60% EPSS · 20% KEV · 20% CVSS

Description

Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Security Summary

CVE-2024-57954 is a permission verification vulnerability in the media library module, classified under CWE-285 (Improper Authorization). Published on 2025-02-06, it carries a CVSS v3.1 base score of 6.2 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating medium severity with high impact on confidentiality but no impact on integrity or availability.

A local attacker requires no privileges, low attack complexity, and no user interaction to exploit the vulnerability. Successful exploitation allows access to confidential service data, potentially compromising sensitive information within the affected media library module.

Mitigation details are provided in the Huawei support bulletin at https://consumer.huawei.com/en/support/bulletin/2025/2/. Security practitioners should consult this advisory for patching instructions and workarounds applicable to affected Huawei products.

Details

CWE(s): CWE-285NVD-CWE-noinfo

Affected Products

huawei

harmonyos

5.0.0

References

https://consumer.huawei.com/en/support/bulletin/2025/2/
Vendor Advisory · psirt@huawei.com