Search criteria
3 vulnerabilities by OnePlus
CVE-2025-10184 (GCVE-0-2025-10184)
Vulnerability from cvelistv5 – Published: 2025-09-23 13:02 – Updated: 2025-09-23 13:26
VLAI?
Summary
The vulnerability allows any application installed on the device to read SMS/MMS data and metadata from the system-provided Telephony provider without permission, user interaction, or consent. The user is also not notified that SMS data is being accessed. This could lead to sensitive information disclosure and could effectively break the security provided by SMS-based Multi-Factor Authentication (MFA) checks.
The root cause is a combination of missing permissions for write operations in several content providers (com.android.providers.telephony.PushMessageProvider, com.android.providers.telephony.PushShopProvider, com.android.providers.telephony.ServiceNumberProvider), and a blind SQL injection in the update method of those providers.
Severity ?
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
Credits
Calum Hutton
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10184",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T13:26:53.144445Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T13:26:55.804Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.rapid7.com/blog/post/cve-2025-10184-oneplus-oxygenos-telephony-provider-permission-bypass-not-fixed/"
},
{
"tags": [
"exploit"
],
"url": "https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/bltd4b7439a28b6c866/68d168a6930d015d43a6b588/CVE-2025-10184_PoC.zip"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "OxygenOS",
"vendor": "OnePlus",
"versions": [
{
"status": "unaffected",
"version": "11.*",
"versionType": "semver"
},
{
"status": "affected",
"version": "12.*",
"versionType": "semver"
},
{
"status": "affected",
"version": "13.*",
"versionType": "semver"
},
{
"status": "affected",
"version": "14.*",
"versionType": "semver"
},
{
"status": "affected",
"version": "15.*"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Calum Hutton"
}
],
"datePublic": "2025-09-23T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability allows any application installed on the device to read SMS/MMS data and metadata from the system-provided Telephony provider without permission, user interaction, or consent. The user is also not notified that SMS data is being accessed. This could lead to sensitive information disclosure and could effectively break the security provided by SMS-based Multi-Factor Authentication (MFA) checks. \u003cbr\u003e\u003cbr\u003eThe root cause is a combination of missing permissions for write operations in several content providers (com.android.providers.telephony.PushMessageProvider, com.android.providers.telephony.PushShopProvider, com.android.providers.telephony.ServiceNumberProvider), and a blind SQL injection in the\u0026nbsp;update method of those providers."
}
],
"value": "The vulnerability allows any application installed on the device to read SMS/MMS data and metadata from the system-provided Telephony provider without permission, user interaction, or consent. The user is also not notified that SMS data is being accessed. This could lead to sensitive information disclosure and could effectively break the security provided by SMS-based Multi-Factor Authentication (MFA) checks. \n\nThe root cause is a combination of missing permissions for write operations in several content providers (com.android.providers.telephony.PushMessageProvider, com.android.providers.telephony.PushShopProvider, com.android.providers.telephony.ServiceNumberProvider), and a blind SQL injection in the\u00a0update method of those providers."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T13:02:47.366Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://www.rapid7.com/blog/post/cve-2025-10184-oneplus-oxygenos-telephony-provider-permission-bypass-not-fixed/"
},
{
"tags": [
"exploit"
],
"url": "https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/bltd4b7439a28b6c866/68d168a6930d015d43a6b588/CVE-2025-10184_PoC.zip"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OnePlus OxygenOS Telephony provider permission bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2025-10184",
"datePublished": "2025-09-23T13:02:47.366Z",
"dateReserved": "2025-09-09T14:58:29.247Z",
"dateUpdated": "2025-09-23T13:26:55.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26309 (GCVE-0-2023-26309)
Vulnerability from cvelistv5 – Published: 2023-08-10 08:34 – Updated: 2024-10-08 14:50
VLAI?
Summary
A remote code execution vulnerability in the webview component of OnePlus Store app.
Severity ?
7.4 (High)
CWE
- Remote Code Execution
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OPPO | OnePlus Store |
Affected:
3.3.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:46:23.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1689464826201645056"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26309",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T14:34:46.417505Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T14:50:47.252Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OnePlus Store",
"vendor": "OPPO",
"versions": [
{
"status": "affected",
"version": "3.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA remote code execution vulnerability in the webview component of OnePlus Store app.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A remote code execution vulnerability in the webview component of OnePlus Store app.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-11T09:39:08.276Z",
"orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
"shortName": "OPPO"
},
"references": [
{
"url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1689464826201645056"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A remote code execution vulnerability in the webview component",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
"assignerShortName": "OPPO",
"cveId": "CVE-2023-26309",
"datePublished": "2023-08-10T08:34:12.390Z",
"dateReserved": "2023-02-21T23:18:21.567Z",
"dateUpdated": "2024-10-08T14:50:47.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13626 (GCVE-0-2020-13626)
Vulnerability from cvelistv5 – Published: 2020-10-09 05:02 – Updated: 2024-08-04 12:25
VLAI?
Summary
OnePlus App Locker through 2020-10-06 allows physically proximate attackers to use Google Assistant to bypass an authorization check in order to send an SMS message when the SMS application is locked.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.386Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.oneplus.com/app/answers/detail/a_id/301/~/how-to-use-app-locker"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40bugsbunnyy1107/the-tell-tale-of-cve-in-oneplus-phones-91e97342a8b5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OnePlus App Locker through 2020-10-06 allows physically proximate attackers to use Google Assistant to bypass an authorization check in order to send an SMS message when the SMS application is locked."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-09T05:02:52",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.oneplus.com/app/answers/detail/a_id/301/~/how-to-use-app-locker"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40bugsbunnyy1107/the-tell-tale-of-cve-in-oneplus-phones-91e97342a8b5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OnePlus App Locker through 2020-10-06 allows physically proximate attackers to use Google Assistant to bypass an authorization check in order to send an SMS message when the SMS application is locked."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.oneplus.com/app/answers/detail/a_id/301/~/how-to-use-app-locker",
"refsource": "MISC",
"url": "https://support.oneplus.com/app/answers/detail/a_id/301/~/how-to-use-app-locker"
},
{
"name": "https://medium.com/@bugsbunnyy1107/the-tell-tale-of-cve-in-oneplus-phones-91e97342a8b5",
"refsource": "MISC",
"url": "https://medium.com/@bugsbunnyy1107/the-tell-tale-of-cve-in-oneplus-phones-91e97342a8b5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13626",
"datePublished": "2020-10-09T05:02:52",
"dateReserved": "2020-05-27T00:00:00",
"dateUpdated": "2024-08-04T12:25:16.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}