OpenHarmony up to 5.0.3 type confusion

Summaryinfo

A vulnerability marked as problematic has been reported in OpenHarmony up to 5.0.3. Affected by this issue is some unknown functionality. The manipulation leads to type confusion. This vulnerability is traded as CVE-2025-21082. An attack has to be approached locally. There is no exploit available.

Detailsinfo

A vulnerability, which was classified as problematic, has been found in OpenHarmony up to 5.0.3. This issue affects an unknown code. The manipulation with an unknown input leads to a type confusion vulnerability. Using CWE to declare the problem leads to CWE-843. The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type. Impacted is availability. The summary by CVE is:

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause apps crash through type confusion.

The advisory is shared at gitee.com. The identification of this vulnerability is CVE-2025-21082 since 03/02/2025. The exploitation is known to be easy. An attack has to be approached locally. Neither technical details nor an exploit are publicly available.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2025-17395). Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Type

• Smartphone Operating System

Name

• OpenHarmony

Version

• 5.0.0
• 5.0.1
• 5.0.2
• 5.0.3

License

• open-source

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Discussion