CVE-2019-5250
Description
Mate 20 Pro smartphones with versions earlier than 9.1.0.135(C00E133R3P1) have an improper authorization vulnerability. The software does not properly restrict certain operation of certain privilege, the attacker could trick the user into installing a malicious application before the user turns on student mode function. Successful exploit could allow the attacker to bypass the limit of student mode function.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Mate 20 Pro phones before 9.1.0.135 allow a malicious app to bypass student mode restrictions due to improper authorization.
Vulnerability
An improper authorization vulnerability exists in Mate 20 Pro smartphones running versions earlier than 9.1.0.135(C00E133R3P1). The software does not properly restrict certain operations related to student mode, allowing a malicious application to circumvent intended controls when the user later activates the student mode function [1].
Exploitation
An attacker must trick the user into installing a malicious application on the device before the user turns on student mode [1]. No additional authentication or network position is required beyond the user's voluntary installation of the app.
Impact
Successful exploitation allows the attacker to bypass the restrictions enforced by student mode, potentially enabling unauthorized access to content or functionality that student mode is designed to limit [1].
Mitigation
Huawei has released a software update to fix this vulnerability. The resolved version is 9.1.0.135(C00E133R3P1) [1]. Users should update their devices to this or a later version. No workarounds are mentioned in the available references.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Huawei/Mate 20 Pro smartphonesdescription
- Range: < 9.1.0.135(C00E133R3P1)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-02-smartphone-enmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.