QwikSec

Security Database

CVE

CWE

Training

CVE-2025-68970

Published: Jan 14, 2026

Modified: Jan 14, 2026

PUBLISHED

CVSS v3.1

6.1

MEDIUM

Description

Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Vendor	Product	Versions
Huawei	HarmonyOS	affected `4.3.1` affected `4.3.0` affected `4.2.0` affected `4.0.0` affected `3.1.0` +1 more versions
Huawei	EMUI	affected `15.0.0` affected `14.2.0` affected `14.0.0` affected `13.0.0`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

Low

References

https://consumer.huawei.com/en/support/bulletin/2026/1//

https://consumer.huawei.com/en/support/bulletinwearables/2026/1/

https://consumer.huawei.com/en/support/bulletinvision/2026/1/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.