Cyber Resilience

CVE-2025-68960

High

Published: 14 January 2026

Published
14 January 2026
Modified
15 January 2026
KEV Added
Patch
CVSS Score v3.1 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0000 0.1th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-68960 is a high-severity Race Condition (CWE-362) vulnerability in Huawei Harmonyos. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 0.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-68960 is a multi-thread race condition vulnerability, classified under CWE-362, in the video framework module. It affects Huawei consumer products, as indicated by the vendor's security bulletins. The vulnerability was published on 2026-01-14T03:15:50.560 and carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting high impacts across confidentiality, integrity, and availability despite the primary noted effect on availability.

A local attacker can exploit this vulnerability with low complexity and no privileges or user interaction required. Successful exploitation allows the attacker to gain high-level unauthorized access to sensitive data, modify system integrity, and disrupt availability, potentially leading to full compromise of the affected video framework module.

Huawei has published security bulletins addressing this issue, available at https://consumer.huawei.com/en/support/bulletin/2026/1/ and https://consumer.huawei.com/en/support/bulletinlaptops/2026/1/, which likely detail patches and mitigation steps for affected consumer devices.

EU & UK References

Vulnerability details

Multi-thread race condition vulnerability in the video framework module. Impact: Successful exploitation of this vulnerability may affect availability.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local unauthenticated race condition (CWE-362) in video framework directly enables privilege escalation to high-impact compromise (C/I/A).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-68957Same product: Huawei Harmonyos
CVE-2025-68956Same product: Huawei Harmonyos
CVE-2025-68958Same product: Huawei Harmonyos
CVE-2026-24930Same product: Huawei Harmonyos
CVE-2024-56451Same product: Huawei Harmonyos
CVE-2026-34851Same product: Huawei Harmonyos
CVE-2025-68968Same product: Huawei Harmonyos
CVE-2025-68955Same product: Huawei Harmonyos
CVE-2026-34856Same product: Huawei Harmonyos
CVE-2026-24926Same product: Huawei Harmonyos

Affected Assets

huawei
harmonyos
5.0.1, 5.1.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Timely installation of vendor patches directly remediates the multi-thread race condition vulnerability in the video framework module as detailed in Huawei's security bulletins.

detect

Vulnerability monitoring and scanning identifies CVE-2025-68960 in affected Huawei consumer products, enabling prompt flaw remediation.

detect

Receiving and disseminating security alerts and advisories from Huawei bulletins ensures awareness of the race condition vulnerability and available mitigations.

References