CVE-2025-52458 PUBLISHED

arkcompiler_ets_runtime has an out-of-bounds write vulnerability

Assigner: OpenHarmony
Reserved: 01.07.2025 Published: 16.03.2026 Updated: 16.03.2026

in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS Score: 5.5

Attack Vector	Local	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	None
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	OpenHarmony
Product	OpenHarmony
Versions	Default: unaffected affected from v5.0.3 to v5.1.0.x (incl.)

References

https://gitcode.com/openharmony/security/tree/master/zh/security-disclosure/2025/2025-10.md

Problem Types

CWE-787 Out-of-bounds write CWE