CVE Catalog

CVE-2025-67316

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile - higher than 20% of all known CVEs

Summary

An issue in realme Internet browser v.45.13.4.1 allows a remote attacker to execute arbitrary code via a crafted webpage in the built-in HeyTap/ColorOS browser. The supplier is currently disputing this finding and the record is under review.

Risk Assessment

The risk involves potential remote code execution, which could allow an attacker to take control of the device, steal data, or install malware without user knowledge.

Recommendation

It is recommended to refrain from using the built-in browser until the issue is resolved by the supplier and consider using an alternative, secure browser.

Original NVD description (English source)

An issue in realme Internet browser v.45.13.4.1 allows a remote attacker to execute arbitrary code via a crafted webpage in the built-in HeyTap/ColorOS browser. NOTE: The supplier is currently disputing this finding and the record is under review.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS