Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for ColorOS by ColorOS
CVE-2025-27389 (GCVE-0-2025-27389)
Vulnerability from cvelistv5 – Published: 2025-12-05 03:19 – Updated: 2025-12-05 16:20
VLAI?
Title
Application Installation Source Verification Flaw May Lead to Risk Detection Bypass
Summary
A flaw exists in the verification of application installation sources within ColorOS. Under specific conditions, this issue may cause the risk detection mechanism to fail, which could allow malicious applications to be installed without proper warning.
Severity ?
CWE
- CWE-290 - Authentication Bypass by Spoofing
Assigner
References
Date Public ?
2025-12-04 08:17
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27389",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T16:20:11.207457Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T16:20:31.736Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ColorOS",
"vendor": "ColorOS",
"versions": [
{
"status": "affected",
"version": "ColorOS 11\u201315"
}
]
}
],
"datePublic": "2025-12-04T08:17:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A flaw exists in the verification of application installation sources within ColorOS. Under specific conditions, this issue may cause the risk detection mechanism to fail, which could allow malicious applications to be installed without proper warning."
}
],
"value": "A flaw exists in the verification of application installation sources within ColorOS. Under specific conditions, this issue may cause the risk detection mechanism to fail, which could allow malicious applications to be installed without proper warning."
}
],
"impacts": [
{
"capecId": "CAPEC-151",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-151 Identity Spoofing"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T03:19:49.490Z",
"orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
"shortName": "OPPO"
},
"references": [
{
"url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1996493715665068032"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Application Installation Source Verification Flaw May Lead to Risk Detection Bypass",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
"assignerShortName": "OPPO",
"cveId": "CVE-2025-27389",
"datePublished": "2025-12-05T03:19:49.490Z",
"dateReserved": "2025-02-24T03:04:32.845Z",
"dateUpdated": "2025-12-05T16:20:31.736Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-27389 (GCVE-0-2025-27389)
Vulnerability from nvd – Published: 2025-12-05 03:19 – Updated: 2025-12-05 16:20
VLAI?
Title
Application Installation Source Verification Flaw May Lead to Risk Detection Bypass
Summary
A flaw exists in the verification of application installation sources within ColorOS. Under specific conditions, this issue may cause the risk detection mechanism to fail, which could allow malicious applications to be installed without proper warning.
Severity ?
CWE
- CWE-290 - Authentication Bypass by Spoofing
Assigner
References
Date Public ?
2025-12-04 08:17
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27389",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T16:20:11.207457Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T16:20:31.736Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ColorOS",
"vendor": "ColorOS",
"versions": [
{
"status": "affected",
"version": "ColorOS 11\u201315"
}
]
}
],
"datePublic": "2025-12-04T08:17:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A flaw exists in the verification of application installation sources within ColorOS. Under specific conditions, this issue may cause the risk detection mechanism to fail, which could allow malicious applications to be installed without proper warning."
}
],
"value": "A flaw exists in the verification of application installation sources within ColorOS. Under specific conditions, this issue may cause the risk detection mechanism to fail, which could allow malicious applications to be installed without proper warning."
}
],
"impacts": [
{
"capecId": "CAPEC-151",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-151 Identity Spoofing"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T03:19:49.490Z",
"orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
"shortName": "OPPO"
},
"references": [
{
"url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1996493715665068032"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Application Installation Source Verification Flaw May Lead to Risk Detection Bypass",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
"assignerShortName": "OPPO",
"cveId": "CVE-2025-27389",
"datePublished": "2025-12-05T03:19:49.490Z",
"dateReserved": "2025-02-24T03:04:32.845Z",
"dateUpdated": "2025-12-05T16:20:31.736Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}