Cyber Resilience

CVE-2025-68955

High

Published: 14 January 2026

Published
14 January 2026
Modified
15 January 2026
KEV Added
Patch
CVSS Score v3.1 8.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
EPSS Score 0.0001 0.8th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-68955 is a high-severity Race Condition (CWE-362) vulnerability in Huawei Harmonyos. Its CVSS base score is 8.0 (High).

Operationally, ranked at the 0.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2025-68955 is a multi-thread race condition vulnerability, classified under CWE-362, in the card framework module. It was published on 2026-01-14T02:15:50.213 with a CVSS v3.1 base score of 8.0 (AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H). The vulnerability affects Huawei consumer devices, as indicated by security bulletins for general products, laptops, and wearables.

A local attacker can exploit this vulnerability with low complexity and no privileges or user interaction required. Successful exploitation may affect availability, with potential impacts including low confidentiality loss, high integrity compromise, and high availability disruption.

Huawei has issued security bulletins in January 2026 addressing this issue, available at consumer support pages for general products (https://consumer.huawei.com/en/support/bulletin/2026/1/), laptops (https://consumer.huawei.com/en/support/bulletinlaptops/2026/1/), and wearables (https://consumer.huawei.com/en/support/bulletinwearables/2026/1/). Practitioners should consult these for patch details and mitigation guidance.

EU & UK References

Vulnerability details

Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

Insufficient information to map techniques.
Confidence: LOW · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-68960Same product: Huawei Harmonyos
CVE-2025-68957Same product: Huawei Harmonyos
CVE-2026-34851Same product: Huawei Harmonyos
CVE-2025-68956Same product: Huawei Harmonyos
CVE-2026-34856Same product: Huawei Harmonyos
CVE-2025-68958Same product: Huawei Harmonyos
CVE-2024-58045Same product: Huawei Harmonyos
CVE-2026-24930Same product: Huawei Harmonyos
CVE-2026-24925Same product: Huawei Harmonyos
CVE-2024-57955Same product: Huawei Harmonyos

Affected Assets

huawei
harmonyos
6.0.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the race condition vulnerability by requiring timely installation of Huawei's January 2026 patches for affected consumer devices.

detect

Vulnerability scanning identifies systems running vulnerable versions of the card framework module prior to local exploitation.

detect

System monitoring detects anomalous behavior or crashes in the card framework indicative of race condition exploitation affecting availability and integrity.

References