Cyber Posture

CVE-2025-68960

High

Published: 14 January 2026

Published
14 January 2026
Modified
15 January 2026
KEV Added
Patch
CVSS Score 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0000 0.1th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-68960 is a high-severity Race Condition (CWE-362) vulnerability in Huawei Harmonyos. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 0.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Timely installation of vendor patches directly remediates the multi-thread race condition vulnerability in the video framework module as detailed in Huawei's security bulletins.

RA-5 Vulnerability Monitoring and Scanning good match
detect

Vulnerability monitoring and scanning identifies CVE-2025-68960 in affected Huawei consumer products, enabling prompt flaw remediation.

SI-5 Security Alerts, Advisories, and Directives good match
detect

Receiving and disseminating security alerts and advisories from Huawei bulletins ensures awareness of the race condition vulnerability and available mitigations.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

Local unauthenticated race condition (CWE-362) in video framework directly enables privilege escalation to high-impact compromise (C/I/A).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Multi-thread race condition vulnerability in the video framework module. Impact: Successful exploitation of this vulnerability may affect availability.

Deeper analysisAI

CVE-2025-68960 is a multi-thread race condition vulnerability, classified under CWE-362, in the video framework module. It affects Huawei consumer products, as indicated by the vendor's security bulletins. The vulnerability was published on 2026-01-14T03:15:50.560 and carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting high impacts across confidentiality, integrity, and availability despite the primary noted effect on availability.

A local attacker can exploit this vulnerability with low complexity and no privileges or user interaction required. Successful exploitation allows the attacker to gain high-level unauthorized access to sensitive data, modify system integrity, and disrupt availability, potentially leading to full compromise of the affected video framework module.

Huawei has published security bulletins addressing this issue, available at https://consumer.huawei.com/en/support/bulletin/2026/1/ and https://consumer.huawei.com/en/support/bulletinlaptops/2026/1/, which likely detail patches and mitigation steps for affected consumer devices.

Details

CWE(s)
CWE-362

Affected Products

huawei
harmonyos
5.0.1, 5.1.0

CVEs Like This One

CVE-2025-68957Same product: Huawei Harmonyos
CVE-2025-68958Same product: Huawei Harmonyos
CVE-2025-68956Same product: Huawei Harmonyos
CVE-2026-24930Same product: Huawei Harmonyos
CVE-2025-68955Same product: Huawei Harmonyos
CVE-2026-34856Same product: Huawei Harmonyos
CVE-2024-56439Same product: Huawei Harmonyos
CVE-2024-56451Same product: Huawei Harmonyos
CVE-2026-34851Same product: Huawei Harmonyos
CVE-2025-68968Same product: Huawei Harmonyos

References