This vulnerability in Huawei HarmonyOS arises from insufficient permission controls in the file preview module, classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). It allows an attacker with local access and user interaction to potentially access sensitive information without proper authorization. The CVSS vector indicates low attack complexity and no privileges required, but user interaction is necessary. The impact is limited to confidentiality without affecting integrity or availability.

Exploitation of this vulnerability can lead to unauthorized disclosure of sensitive information within the affected HarmonyOS versions. The confidentiality of services relying on the file preview module may be compromised. There is no indication of impact on system integrity or availability. No known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or temporary mitigation is documented, users should monitor Huawei's advisories for updates. Until a patch is available, restrict access to affected versions and limit user interaction with untrusted files in the file preview module where possible.