{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-6969", "assignerOrgId": "0cf5dd6e-1214-4398-a481-30441e48fafd", "state": "PUBLISHED", "assignerShortName": "OpenHarmony", "dateReserved": "2025-07-01T12:16:26.715Z", "datePublished": "2026-03-16T07:10:50.482Z", "dateUpdated": "2026-03-16T17:21:51.294Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "0cf5dd6e-1214-4398-a481-30441e48fafd", "shortName": "OpenHarmony", "dateUpdated": "2026-03-16T07:10:50.482Z"}, "title": "ability_ability_runtime an improper input validation vulnerability", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-20", "description": "CWE-20 Improper input validation", "type": "CWE"}]}], "affected": [{"vendor": "OpenHarmony", "product": "OpenHarmony", "versions": [{"status": "affected", "version": "v5.0.3", "lessThanOrEqual": "v5.1.0.x", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "in OpenHarmony v5.1.0 and prior versions allow a local attacker cause DOS through improper input.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "in OpenHarmony v5.1.0 and prior versions allow a local attacker cause DOS& through improper input."}]}], "references": [{"url": "https://gitcode.com/openharmony/security/tree/master/zh/security-disclosure/2025/2025-09.md"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-16T17:18:58.888464Z", "id": "CVE-2025-6969", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T17:21:51.294Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6969", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-16T17:18:58.888464Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T17:20:15.782Z"}}], "cna": {"title": "ability_ability_runtime an improper input validation vulnerability", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "OpenHarmony", "product": "OpenHarmony", "versions": [{"status": "affected", "version": "v5.0.3", "versionType": "custom", "lessThanOrEqual": "v5.1.0.x"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://gitcode.com/openharmony/security/tree/master/zh/security-disclosure/2025/2025-09.md"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "in OpenHarmony v5.1.0 and prior versions allow a local attacker cause DOS through improper input.", "supportingMedia": [{"type": "text/html", "value": "in OpenHarmony v5.1.0 and prior versions allow a local attacker cause DOS& through improper input.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper input validation"}]}], "providerMetadata": {"orgId": "0cf5dd6e-1214-4398-a481-30441e48fafd", "shortName": "OpenHarmony", "dateUpdated": "2026-03-16T07:10:50.482Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6969", "state": "PUBLISHED", "dateUpdated": "2026-03-16T17:21:51.294Z", "dateReserved": "2025-07-01T12:16:26.715Z", "assignerOrgId": "0cf5dd6e-1214-4398-a481-30441e48fafd", "datePublished": "2026-03-16T07:10:50.482Z", "assignerShortName": "OpenHarmony"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:openatom:openharmony:5.0.3:*:*:*:-:*:*:*", "matchCriteriaId": "191FD913-141A-4354-81C3-96C87D4D7CAE", "vulnerable": true}, {"criteria": "cpe:2.3:o:openatom:openharmony:5.1.0:*:*:*:-:*:*:*", "matchCriteriaId": "0BE5D50A-ABFA-476E-BAE6-41EFEAC1F486", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "in OpenHarmony v5.1.0 and prior versions allow a local attacker cause DOS through improper input."}], "id": "CVE-2025-6969", "lastModified": "2026-03-17T19:59:42.463", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 3.6, "source": "scy@openharmony.io", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-16T14:18:02.277", "references": [{"source": "scy@openharmony.io", "tags": ["Vendor Advisory"], "url": "https://gitcode.com/openharmony/security/tree/master/zh/security-disclosure/2025/2025-09.md"}], "sourceIdentifier": "scy@openharmony.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "scy@openharmony.io", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[v5.0.3,v5.1.0.x]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "OpenHarmony", "source": "cna", "vendor": "OpenHarmony"}, "product": "openharmony", "vendor": "openharmony"}], "analysis": {"en": {"generated_at": "2026-03-17T22:06:59.766904+00:00", "value": {"mitigation_remediation": ["Apply the latest OpenHarmony update (deployed after 5.1.0) or vendor patch to fix the input validation issue.", "If an immediate update is unavailable, limit local user privileges and isolate the system from critical services until a patch can be applied.", "Monitor system logs for abnormal activity that may signal attempts to abuse the vulnerability."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service (local)"}, "threat_synthesis": {"affected_systems": "Affected products are OpenHarmony (OpenAtom) versions 5.0.3 and 5.1.0 (and any prior releases). The CNA identifies these as vulnerable, with the bug present in both tagged releases.", "description_and_impact": "In OpenHarmony versions 5.1.0 and earlier, the ability runtime component fails to properly validate input, allowing a local attacker to trigger a denial\u2011of\u2011service condition. This flaw is rooted in CWE\u201120 (Improper Input Validation) and can cause the system or specific services to become unresponsive when malformed data is processed. The impact is confined to the local machine, where the attacker can disrupt availability of the operating system or critical applications.", "risk_and_exploitability": "The CVSS score of 5 denotes moderate severity, while the EPSS score of less than 1% indicates a low probability of exploitation in the wild. The vulnerability has not been reported in CISA\u2019s KEV catalog and appears to be exploitable only by an attacker with local access. Consequently, the overall risk is moderate, but the likelihood of real\u2011world exploitation remains low."}}}}, "created": "2026-03-17T09:53:05.576894+00:00", "updated": "2026-03-24T10:45:29.910855+00:00", "vendors": ["openharmony", "openharmony$PRODUCT$openharmony"]}