CVE-2025-57838

Vulnerability

Overview

CVE-2025-57838 is an information leak vulnerability affecting certain Honor products running MagicOS 9.0.0.100. The official advisory confirms that successful exploitation may affect service confidentiality [1]. The root cause is not detailed in the public advisory, but the vulnerability is classified as an information disclosure issue.

Exploitation

The advisory does not specify the attack vector, prerequisites, or authentication requirements. However, information leak vulnerabilities typically require local access or a man-in-the-middle position to intercept sensitive data. No proof-of-concept or active exploitation has been publicly reported as of the advisory date.

Impact

An attacker who successfully exploits this vulnerability could gain unauthorized access to confidential information processed by the affected service. This could include user data, system secrets, or other sensitive material, depending on the service's role. The CVSS v3 base score of 4.0 (Medium) reflects the limited scope of the impact, which is confined to confidentiality without affecting integrity or availability.

Mitigation

Honor has released a software update to fix this vulnerability. The fix is included in MagicOS version 9.0.0.100. Users with automatic update prompts for supported products [1]. Users are advised to install the update promptly. No workarounds are provided.