CVE-2025-12736

MEDIUM

OpenHarmony <=5.0.3 multimedia_audio_standard - Uninitialized Resource Information Leak

Title source: manual

in OpenHarmony v5.0.3 and prior versions allow a local attacker case sensitive information leak through use of uninitialized resource.

Core 1

Core References

CVSS v3 6.5

EPSS 0.0017

EPSS Percentile 6.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

CWE

CWE-908

Status published

Products (2)

openatom/openharmony 5.0.3

OpenHarmony/OpenHarmony v5.0.3 - v5.0.3.x

Published Mar 16, 2026

Tracked Since Mar 16, 2026