CVE-2025-67316
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk20th percentile - higher than 20% of all known CVEs
Summary
An issue in realme Internet browser v.45.13.4.1 allows a remote attacker to execute arbitrary code via a crafted webpage in the built-in HeyTap/ColorOS browser. The supplier is currently disputing this finding and the record is under review.
Risk Assessment
The risk involves potential remote code execution, which could allow an attacker to take control of the device, steal data, or install malware without user knowledge.
Recommendation
It is recommended to refrain from using the built-in browser until the issue is resolved by the supplier and consider using an alternative, secure browser.
Original NVD description (English source)
An issue in realme Internet browser v.45.13.4.1 allows a remote attacker to execute arbitrary code via a crafted webpage in the built-in HeyTap/ColorOS browser. NOTE: The supplier is currently disputing this finding and the record is under review.

