{"id":64089,"date":"2025-08-16T05:30:06","date_gmt":"2025-08-16T05:30:06","guid":{"rendered":""},"modified":"2025-09-03T03:46:58","modified_gmt":"2025-09-03T09:46:58","slug":"cve-2025-27577-arbitrary-code-execution-in-openharmony-via-race-condition-vulnerability","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-27577-arbitrary-code-execution-in-openharmony-via-race-condition-vulnerability\/","title":{"rendered":"CVE-2025-27577: Arbitrary Code Execution in OpenHarmony via Race Condition Vulnerability<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

Cybersecurity threats are evolving rapidly and one such threat that has recently caught the attention of cybersecurity professionals is CVE-2025-27577. This vulnerability, found in OpenHarmony version 5.0.3 and prior versions, can allow local attackers to execute arbitrary code via a race condition in tcb. It is a significant threat as it has the potential to compromise the system<\/a> or cause data leakage, impacting the privacy and integrity of users’ data.
\nThis vulnerability matters because OpenHarmony is widely used in various devices<\/a> and applications, making a large number of users potentially vulnerable to an attack. It requires immediate attention and remediation to prevent malicious entities from exploiting the loophole and causing irrevocable damage.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-27577
\nSeverity: High (8.4 CVSS Score)
\nAttack Vector: Local
\nPrivileges Required: Low
\nUser Interaction: None
\nImpact: Potential system<\/a> compromise or data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n