Impact
The flaw is a use-after-free vulnerability in the filemanagement_storage_service component of OpenHarmony. It permits local attackers to gain arbitrary code execution by freeing an object and subsequently accessing its memory. This weakness aligns with CWE-416 and provides the attacker with control over application flow, potentially compromising the confidentiality, integrity, and availability of the affected system.
Affected Systems
The affected product is OpenHarmony (vendor: OpenHarmony), version 6.0 and all earlier releases. No impact on later versions is indicated; the vendor must verify that the issue is resolved in subsequent releases.
Risk and Exploitability
The CVSS score of 6.5 indicates a moderate severity level. No EPSS score is available, so exploitation probability cannot be assessed, and the vulnerability is not listed in the CISA KEV catalog. The exploit requires local access to trigger, which suggests that any user with significant privileges on the device could mount an attack once they can manipulate the service. Until an official patch is released, remediation is limited to restricting local access and applying general memory-safety mitigations.
OpenCVE Enrichment