CVE-2023-52953
Published: 08 January 2025
Summary
CVE-2023-52953 is a medium-severity Path Traversal (CWE-22) vulnerability in Huawei HarmonyOS. Its CVSS base score is 6.2 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE ranks at the 31.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2023-52953 is a path traversal vulnerability (CWE-22) in the Medialibrary module. According to the vendor description, successful exploitation affects integrity and confidentiality. The CVSS v3.1 base score is 6.2 (AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). The vulnerability was published on 2025-01-08.
A local attacker can exploit this vulnerability with low attack complexity, requiring no privileges or user interaction. The CVSS vector scores a high impact on availability only (C:N/I:N/A:H), while the description cites effects on integrity and confidentiality, so triage should take both statements into account.
The Huawei consumer support bulletin provides details on mitigation: https://consumer.huawei.com/en/support/bulletin/2025/1/.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-59441
Vulnerability details
Path traversal vulnerability in the Medialibrary module.
Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
- CWE(s): CWE-22 (Path Traversal)
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
Path traversal (CWE-22) directly enables arbitrary local file read/write/delete operations without privileges, facilitating data access from the local system, file/directory discovery, and file deletion for availability impact.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the specific path traversal flaw in the Medialibrary module through timely patching and flaw correction as detailed in the Huawei support bulletin.
Prevents exploitation of the path traversal vulnerability by validating file path inputs to the Medialibrary module against traversal sequences like '../'.
Mitigates path traversal by restricting special characters and formats in inputs to the Medialibrary module that could enable directory traversal.