Cyber Posture

CVE-2025-23414

Low

Published: 04 March 2025

Published
04 March 2025
Modified
04 March 2025
KEV Added
Patch
CVSS Score 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
EPSS Score 0.0012 30.0th percentile
Risk Priority 8 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-23414 is a low-severity Use After Free (CWE-416) vulnerability in Openatom Openharmony. Its CVSS base score is 3.8 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 30.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly mitigates the use-after-free vulnerability by requiring timely patching of the affected OpenHarmony pre-installed applications.

SI-16 Memory Protection good match
prevent

Implements memory protection mechanisms that prevent exploitation of the use-after-free vulnerability through unauthorized memory access.

SC-39 Process Isolation partial match
prevent

Enforces process isolation for pre-installed applications to confine arbitrary code execution and limit impact to the exploited process.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

The use-after-free vulnerability in pre-installed applications allows a local attacker with low privileges to achieve arbitrary code execution, directly enabling exploitation for privilege escalation (T1068) as the attacker starts with low privileges and gains code execution in system-level apps.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.

Deeper analysisAI

CVE-2025-23414 is a use-after-free vulnerability (CWE-416) in OpenHarmony versions v5.0.2 and prior. Published on 2025-03-04T04:15:15.377, it enables a local attacker to achieve arbitrary code execution within pre-installed applications. The vulnerability carries a CVSS v3.1 base score of 3.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N), reflecting low severity with local access requirements, low attack complexity, low privileges needed, no user interaction, changed scope, and limited confidentiality impact.

A local attacker with low privileges can exploit this vulnerability to execute arbitrary code in pre-installed apps. Exploitation is possible only in restricted scenarios, requiring physical or logical local access to the system. While it grants code execution, impacts are confined to low confidentiality disclosure with no integrity or availability effects.

The OpenHarmony security advisory provides further details on this vulnerability at https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md.

Details

CWE(s)
CWE-416

Affected Products

openatom
openharmony
4.1.0 — 5.0.2

CVEs Like This One

CVE-2025-20626Same product: Openatom Openharmony
CVE-2025-24301Same product: Openatom Openharmony
CVE-2025-23409Same product: Openatom Openharmony
CVE-2025-20091Same product: Openatom Openharmony
CVE-2025-0304Same product: Openatom Openharmony
CVE-2025-0587Same product: Openatom Openharmony
CVE-2025-0303Same product: Openatom Openharmony
CVE-2025-22835Same product: Openatom Openharmony
CVE-2025-21084Same product: Openatom Openharmony
CVE-2025-23420Same product: Openatom Openharmony

References