Cyber Posture

CVE-2024-58043

High

Published: 04 March 2025

Modified: 04 March 2025
KEV Added
Patch
CVSS Score: 7.3 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L)
EPSS Score: 0.0001 (0.6th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Description

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Security Summary

CVE-2024-58043 is a permission bypass vulnerability in the window module, published on 2025-03-04. It carries a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L) and is associated with CWE-840 and NVD-CWE-noinfo. Successful exploitation may affect service confidentiality.

The vulnerability is exploitable by a local attacker who needs no privileges, with low attack complexity and no user interaction. Exploitation has limited impact on confidentiality, high impact on integrity, and limited impact on availability, enabling unauthorized access or modification beyond intended permissions in the affected window module.

The Huawei consumer support bulletin at https://consumer.huawei.com/en/support/bulletin/2025/3/ provides details on mitigation and patches.

Details

CWE(s)
CWE-840, NVD-CWE-noinfo

Affected Products

huawei emui: 12.0.0, 13.0.0, 14.0.0
huawei harmonyos: 2.0.0, 2.1.0, 3.0.0, 3.1.0, 4.0.0

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

A local permission bypass vulnerability that requires no privileges enables exploitation of software flaws to gain unauthorized access and modification, which maps directly to Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References