Impact
The vulnerability involves improper permission control within the theme setting component of Huawei's EMUI and HarmonyOS operating systems. By bypassing the intended access restrictions, an attacker could read or alter theme‑related configuration files, potentially revealing sensitive information tied to the service. The core weakness is a lack of proper privilege checks, aligning with CWE‑275. Consequently, the primary impact is a compromise of confidentiality, allowing disclosure of configuration details that may be used for further attacks.
Affected Systems
The affected vendor is Huawei, specifically software shipped under the EMUI and HarmonyOS product lines. The advisory supplies no precise version numbers, so any device running these operating systems may be considered vulnerable until further notice. Users should consult Huawei’s consumer support bulletin to confirm which releases are affected.
Risk and Exploitability
The assigned CVSS score of 6.9 reflects a Moderate severity level. The vulnerability is not listed in CISA’s KEV catalog, and no exploit probability metric is associated with it. The description suggests that the attack vector requires local interaction with the theme manager or exploitation of unprotected API endpoints exposed to the user interface; this is an inference, not a documented detail. Because no remote exploitation mechanism is expressly documented, the exploitation likelihood may be moderate. Prompt patching remains the most effective countermeasure.
OpenCVE Enrichment