Insecure Storage of Sensitive Information
CVE-2025-21098
Summary
in OpenHarmony v5.0.2 and prior versions allow a local attacker cause information leak through out-of-bounds read bypass permission check.
- LOW
- LOCAL
- NONE
- UNCHANGED
- NONE
- LOW
- HIGH
- NONE
CWE-922 - Insecure Storage of Sensitive Information
The software stores sensitive information without properly limiting read or write access by unauthorized actors.
References
Advisory Timeline
- Published
