CVE-2025-0303

High

Published: 07 February 2025

Published

07 February 2025

Modified

11 February 2025

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Score 0.0007 22.1th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Security Summary

CVE-2025-0303 is a buffer overflow vulnerability (CWE-120) in OpenHarmony versions v4.1.2 and prior. Published on 2025-02-07, it allows a local attacker to escalate common permissions to root privileges and leak sensitive information.

The vulnerability carries a CVSS v3.1 base score of 8.8 (High), with attack vector AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. A local attacker possessing low privileges can exploit it through low-complexity means without requiring user interaction, resulting in a scope change and high impacts across confidentiality, integrity, and availability, such as achieving root access and exposing sensitive data.

For details on mitigation, patches, and advisories, refer to the OpenHarmony security disclosure at https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-02.md.

Details

CWE(s): CWE-120

Affected Products

openatom

openharmony

4.1.0 — 4.1.2

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

CVE-2025-0303 is a kernel stack overflow vulnerability exploitable by local attackers to escalate privileges to root and leak sensitive information.

References

https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-02.md
Third Party Advisory · scy@openharmony.io