[Security-bulletin] 2025年12月安全公告

2 Dec 2025


      发布于2025.12.02

备注：OpenHarmony 5.0阶段各分支中当前主要对OpenHarmony-5.0.3-Release分支进行安全漏洞维护。
CVE漏洞描述漏洞影响严重程度CVSS 3.1得分受影响的版本受影响的仓库修复链接
CVE-2025-12736multimedia_audio_standard 信息泄露漏洞特定场景下, 本地攻击者可造成信息泄露中危6.5OpenHarmony-v5.0.3-Releasemultimedia_audio_standard5.0.3.x

以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。
CVE严重程度CVSS 3.1得分受影响的仓库受影响的OpenHarmony版本修复链接
CVE-2025-39994无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2025-39931无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2025-39913无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2025-39905无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2025-39760无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.0.3.x
CVE-2025-39730无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.0.3.x
CVE-2025-39724无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2025-39689无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.0.3.x
CVE-2025-39683无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2025-38732无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2025-38702无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.0.3.x
CVE-2025-38694无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.0.3.x
CVE-2025-38680无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.0.3.x
CVE-2023-53588无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2023-53577无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2023-53450无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2023-53221无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2022-50552无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2022-50445无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x

以下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。
对应维护版本安全补丁修改方式参考链接
6.0.xhttps://gitcode.com/openharmony/startup_init/pull/4262
5.1.0.xhttps://gitcode.com/openharmony/startup_init/pull/4261
5.0.3.xhttps://gitcode.com/openharmony/startup_init/pull/4263

[Security-bulletin] 2025年12月安全公告

王晨