CVE-2023-52953
Published: 08 January 2025
Summary
CVE-2023-52953 is a medium-severity Path Traversal (CWE-22) vulnerability in Huawei HarmonyOS. Its CVSS base score is 6.2 (Medium).
Operationally, it ranks at the 31.3 percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly remediates the specific path traversal flaw in the Medialibrary module through timely patching and flaw correction as detailed in the Huawei support bulletin.
Prevents exploitation of the path traversal vulnerability by validating file path inputs to the Medialibrary module against traversal sequences like '../'.
Mitigates path traversal by restricting special characters and formats in inputs to the Medialibrary module that could enable directory traversal.
NVD Description
Path traversal vulnerability in the Medialibrary module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
Deeper analysis
CVE-2023-52953 is a path traversal vulnerability (CWE-22) in the Medialibrary module. Successful exploitation affects integrity and confidentiality, with a CVSS v3.1 base score of 6.2 (AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). The vulnerability was published on 2025-01-08.
A local attacker can exploit this vulnerability with low attack complexity, requiring no privileges or user interaction. Exploitation leads to high-impact disruption of availability, alongside effects on integrity and confidentiality as stated in the description.
The Huawei consumer support bulletin provides details on mitigation: https://consumer.huawei.com/en/support/bulletin/2025/1/.
Details
- CWE(s)