CVE-2025-46014

Exploit

EPSS 0.07%
Veröffentlicht 30.06.2025 00:00:00
Zuletzt bearbeitet 15.10.2025 20:06:01
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Several services in Honor Device Co., Ltd Honor PC Manager v16.0.0.118 was discovered to connect services to the named pipe iMateBookAssistant with default or overly permissive security attributes, leading to a privilege escalation.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Honor ≫ Pc Manager Version <= 16.0.0.118

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.216

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://github.com/Souhardya/Exploit-PoCs/tree/main/HonorPCManager-PrivEsc

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-46014

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-46014

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-46014

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-46014