Cyber Resilience

CVE-2024-57957

Severity: Medium (CVSS v3.1 base score 6.6)
Published: 06 February 2025
Modified: 17 March 2025
KEV Added: not listed (not in the CISA KEV catalog)
Patch: see the Huawei security bulletin linked below
CVSS v3.1: 6.6 (CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS: 0.0010 (27.5th percentile)
Risk Priority: 13 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-57957 is a medium-severity vulnerability in Huawei HarmonyOS classified as CWE-657 (Violation of Secure Design Principles). Its CVSS v3.1 base score is 6.6 (Medium).

Operationally it ranks at the 27.5th percentile of exploit likelihood by EPSS (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations this analysis identified are NIST SP 800-53 AC-11 (Device Lock) and AU-3 (Content of Audit Records).

Deeper analysis

CVE-2024-57957 is an improper log information control vulnerability in the UI framework module of Huawei HarmonyOS. The flaw is classified as CWE-657 (Violation of Secure Design Principles) and CWE-532 (Insertion of Sensitive Information into Log File); it was published on 6 February 2025 and carries a CVSS v3.1 base score of 6.6 (CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

Exploitation requires physical access to the device (AV:P), has low attack complexity (AC:L), needs no privileges (PR:N), and depends on a user action (UI:R). The vector rates confidentiality, integrity and availability impact all as high, but Huawei's own description says only that exploitation "may affect service confidentiality"; the practical outcome is that sensitive information the UI framework writes to its logs becomes readable to whoever can reach those logs. Because AV:P already assumes hands-on access, an unlocked or unattended device is the precondition that matters most. Note the gap between the vector and the vendor impact statement: by the CVSS v3.1 formula, the same vector with C:H and I:N/A:N scores 4.3 rather than 6.6, so treat the 6.6 as an upper bound when prioritising.

Huawei has published a security bulletin covering this vulnerability at https://consumer.huawei.com/en/support/bulletin/2025/2/; consult it for affected versions, patch availability and mitigation guidance.
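The page does not disclose what the UI framework logs or how, so the following is an added illustration of the weakness class only (CWE-532, the pattern behind "improper log information control"), not HarmonyOS or Huawei code. It is written in TypeScript because ArkTS, the HarmonyOS application language, is TypeScript-based. It shows a UI-event logger that serialises everything beside a hardened version that applies an attribute allow-list, redacts secret-bearing attribute names and never writes the typed value, plus the log-content check a test suite would run over the captured log. The event shape, the field names and the sample events are constructed.

```typescript
// Added example (not HarmonyOS or Huawei code): CWE-532 in a UI-event logger,
// vulnerable form beside hardened form, with a log-content check.

interface UiEvent {
  component: string;                 // e.g. "TextInput" (constructed)
  action: string;                    // e.g. "onChange" (constructed)
  value?: string;                    // text the user typed into the control
  attrs: Record<string, string>;     // control attributes such as id, type
}

// Vulnerable: the whole event is serialised, so typed passwords, OTPs and any
// secret-bearing attribute land in the log verbatim.
function logEventVulnerable(sink: string[], e: UiEvent): void {
  sink.push(`[ui] ${e.component}.${e.action} ${JSON.stringify(e)}`);
}

// Hardened: only allow-listed attributes are logged, attribute names that usually
// carry secrets are redacted, and the typed value itself is never logged. Only its
// length is recorded, and not even that for password fields.
const ALLOWED_ATTRS = new Set(["id", "type", "focused"]);
const SECRET_ATTR = /pass|pwd|token|secret|otp|pin/i;

function logEventSafe(sink: string[], e: UiEvent): void {
  const attrs: Record<string, string> = {};
  for (const [k, v] of Object.entries(e.attrs)) {
    if (SECRET_ATTR.test(k)) attrs[k] = "[REDACTED]";
    else if (ALLOWED_ATTRS.has(k)) attrs[k] = v;
  }
  const isPassword = e.attrs["type"] === "password";
  const record = {
    component: e.component,
    action: e.action,
    valueLength: isPassword ? undefined : (e.value?.length ?? 0),
    attrs,
  };
  sink.push(`[ui] ${e.component}.${e.action} ${JSON.stringify(record)}`);
}

// Log-content check: which captured lines contain any of the known secrets?
// Run over the log in a test to catch a leak before release.
function leakedLines(sink: string[], secrets: string[]): string[] {
  return sink.filter((line) => secrets.some((s) => line.includes(s)));
}

// Constructed sample: a login form where the user types a name and a password,
// plus a view that carries a session token in one of its attributes.
const SAMPLE_EVENTS: UiEvent[] = [
  { component: "TextInput", action: "onChange", value: "alice",
    attrs: { id: "user", type: "text", focused: "true" } },
  { component: "TextInput", action: "onChange", value: "hunter2",
    attrs: { id: "pass", type: "password", focused: "true" } },
  { component: "WebView", action: "onLoad",
    attrs: { id: "portal", sessionToken: "tok_9f3a1c" } },
];
const SAMPLE_SECRETS = ["hunter2", "tok_9f3a1c"];

function demo(): { vulnerable: string[]; safe: string[] } {
  const vulnerable: string[] = [];
  const safe: string[] = [];
  for (const e of SAMPLE_EVENTS) {
    logEventVulnerable(vulnerable, e);
    logEventSafe(safe, e);
  }
  return { vulnerable, safe };
}

const out = demo();
console.log("vulnerable log leaks:", leakedLines(out.vulnerable, SAMPLE_SECRETS).length);
console.log("hardened log leaks:", leakedLines(out.safe, SAMPLE_SECRETS).length);
for (const line of out.safe) console.log(line);
```

The allow-list is the important design choice: a deny-list of secret-looking names catches `sessionToken` but would miss a field nobody thought to name suspiciously, whereas an allow-list makes every new attribute unlogged until someone decides it is safe, which is what AU-3 style content control asks for.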


Vulnerability details

Vulnerability of improper log information control in the UI framework module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CWE(s)

CWE-657 Violation of Secure Design Principles
CWE-532 Insertion of Sensitive Information into Log File

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-mapped)

Insufficient information to map techniques.
Confidence: LOW · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-24925 (same product: Huawei HarmonyOS)
CVE-2025-68960 (same product: Huawei HarmonyOS)
CVE-2024-57955 (same product: Huawei HarmonyOS)
CVE-2024-56451 (same product: Huawei HarmonyOS)
CVE-2024-12602 (same product: Huawei HarmonyOS)
CVE-2025-68957 (same product: Huawei HarmonyOS)
CVE-2026-24921 (same product: Huawei HarmonyOS)
CVE-2026-34851 (same product: Huawei HarmonyOS)
CVE-2025-68956 (same product: Huawei HarmonyOS)
CVE-2026-24915 (same product: Huawei HarmonyOS)

Affected Assets

Huawei HarmonyOS 5.0.0

Mitigating Controls

Mitigating Controls (NIST SP 800-53 r5, AI-mapped)

prevent: Protects audit information and log files from unauthorized access, modification, or deletion, directly mitigating the confidentiality impact of sensitive information improperly controlled in logs.

prevent, AU-3 (Content of Audit Records): Defines and controls the content of audit records so that sensitive service information is never written to log files, addressing CWE-532.

prevent, AC-11 (Device Lock): Locks the device to deny the unauthorized physical access and user interaction with the UI framework module that exploitation requires.

References

Huawei security bulletin (February 2025): https://consumer.huawei.com/en/support/bulletin/2025/2/