CVE-2025-67316

MEDIUM

realme Internet Browser 45.13.4.1 - Remote Code Execution via Crafted Webpage

Title source: llm

Description

An issue in realme Internet browser v.45.13.4.1 allows a remote attacker to execute arbitrary code via a crafted webpage in the built-in HeyTap/ColorOS browser. NOTE: The supplier is currently disputing this finding and the record is under review.

References (3)

Core 3

Core References

Broken Link

http://internet.com

Not Applicable

http://realme.com

Exploit, Third Party Advisory

https://gist.github.com/Brucewebva/ceb365b7cea0d0b8ec0ce6755177de83

Scores

CVSS v3 5.4

EPSS 0.0028

EPSS Percentile 20.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

heytap/internet_browser 45.13.4.1

Published Jan 05, 2026

Tracked Since Feb 18, 2026