CVE-2024-57957
Published: 06 February 2025
Description
Vulnerability of improper log information control in the UI framework module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Security Summary
CVE-2024-57957 is a vulnerability involving improper log information control in the UI framework module of Huawei devices. This flaw, associated with CWE-657 (Violation of Secure Design Principles) and CWE-532 (Insertion of Sensitive Information into Log File), was published on February 6, 2025, and carries a CVSS v3.1 base score of 6.6 (AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
Exploitation requires physical access to the device (AV:P) and user interaction (UI:R), such as tricking a user into performing a specific action; attack complexity is low (AC:L) and no privileges are needed (PR:N). The vector rates the confidentiality, integrity, and availability impact as high, with the primary effect being on service confidentiality, because sensitive log information is improperly controlled.
Huawei has issued a support bulletin detailing the vulnerability at https://consumer.huawei.com/en/support/bulletin/2025/2/, which security practitioners should consult for mitigation guidance and available patches.
Details
- CWE(s)