CVE-2025-24298 — in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code e... | CVE Daily

High CVSS 8.4

Overview

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free.

CWE: CWE-416 Published: 2025-08-11T04:15:33.440

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 8.4 (HIGH)
Detected tags: rce, use_after_free (tag impact: VERY HIGH)

Recommended actions:

Patch/upgrade immediately (remote code execution).
Reduce exposure (WAF/segmentation), minimize attack surface.

Recommended tools

Tags