Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
3 vulnerabilities by oneplus
CVE-2025-10184 (GCVE-0-2025-10184)
Vulnerability from cvelistv5 – Published: 2025-09-23 13:02 – Updated: 2025-09-23 13:26
VLAI
Title
OnePlus OxygenOS Telephony provider permission bypass
Summary
The vulnerability allows any application installed on the device to read SMS/MMS data and metadata from the system-provided Telephony provider without permission, user interaction, or consent. The user is also not notified that SMS data is being accessed. This could lead to sensitive information disclosure and could effectively break the security provided by SMS-based Multi-Factor Authentication (MFA) checks.
The root cause is a combination of missing permissions for write operations in several content providers (com.android.providers.telephony.PushMessageProvider, com.android.providers.telephony.PushShopProvider, com.android.providers.telephony.ServiceNumberProvider), and a blind SQL injection in the update method of those providers.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.rapid7.com/blog/post/cve-2025-10184-o… | third-party-advisorytechnical-description |
| https://assets.contentstack.io/v3/assets/blte4f02… | exploit |
Impacted products
Date Public
2025-09-23 13:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10184",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T13:26:53.144445Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T13:26:55.804Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.rapid7.com/blog/post/cve-2025-10184-oneplus-oxygenos-telephony-provider-permission-bypass-not-fixed/"
},
{
"tags": [
"exploit"
],
"url": "https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/bltd4b7439a28b6c866/68d168a6930d015d43a6b588/CVE-2025-10184_PoC.zip"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "OxygenOS",
"vendor": "OnePlus",
"versions": [
{
"status": "unaffected",
"version": "11.*",
"versionType": "semver"
},
{
"status": "affected",
"version": "12.*",
"versionType": "semver"
},
{
"status": "affected",
"version": "13.*",
"versionType": "semver"
},
{
"status": "affected",
"version": "14.*",
"versionType": "semver"
},
{
"status": "affected",
"version": "15.*"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Calum Hutton"
}
],
"datePublic": "2025-09-23T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability allows any application installed on the device to read SMS/MMS data and metadata from the system-provided Telephony provider without permission, user interaction, or consent. The user is also not notified that SMS data is being accessed. This could lead to sensitive information disclosure and could effectively break the security provided by SMS-based Multi-Factor Authentication (MFA) checks. \u003cbr\u003e\u003cbr\u003eThe root cause is a combination of missing permissions for write operations in several content providers (com.android.providers.telephony.PushMessageProvider, com.android.providers.telephony.PushShopProvider, com.android.providers.telephony.ServiceNumberProvider), and a blind SQL injection in the\u0026nbsp;update method of those providers."
}
],
"value": "The vulnerability allows any application installed on the device to read SMS/MMS data and metadata from the system-provided Telephony provider without permission, user interaction, or consent. The user is also not notified that SMS data is being accessed. This could lead to sensitive information disclosure and could effectively break the security provided by SMS-based Multi-Factor Authentication (MFA) checks. \n\nThe root cause is a combination of missing permissions for write operations in several content providers (com.android.providers.telephony.PushMessageProvider, com.android.providers.telephony.PushShopProvider, com.android.providers.telephony.ServiceNumberProvider), and a blind SQL injection in the\u00a0update method of those providers."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T13:02:47.366Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://www.rapid7.com/blog/post/cve-2025-10184-oneplus-oxygenos-telephony-provider-permission-bypass-not-fixed/"
},
{
"tags": [
"exploit"
],
"url": "https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/bltd4b7439a28b6c866/68d168a6930d015d43a6b588/CVE-2025-10184_PoC.zip"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OnePlus OxygenOS Telephony provider permission bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2025-10184",
"datePublished": "2025-09-23T13:02:47.366Z",
"dateReserved": "2025-09-09T14:58:29.247Z",
"dateUpdated": "2025-09-23T13:26:55.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26309 (GCVE-0-2023-26309)
Vulnerability from cvelistv5 – Published: 2023-08-10 08:34 – Updated: 2024-10-08 14:50
VLAI
Title
A remote code execution vulnerability in the webview component
Summary
A remote code execution vulnerability in the webview component of OnePlus Store app.
Severity
7.4 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Remote Code Execution
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OPPO | OnePlus Store |
Affected:
3.3.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:46:23.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1689464826201645056"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26309",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T14:34:46.417505Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T14:50:47.252Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OnePlus Store",
"vendor": "OPPO",
"versions": [
{
"status": "affected",
"version": "3.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA remote code execution vulnerability in the webview component of OnePlus Store app.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A remote code execution vulnerability in the webview component of OnePlus Store app.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-11T09:39:08.276Z",
"orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
"shortName": "OPPO"
},
"references": [
{
"url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1689464826201645056"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A remote code execution vulnerability in the webview component",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
"assignerShortName": "OPPO",
"cveId": "CVE-2023-26309",
"datePublished": "2023-08-10T08:34:12.390Z",
"dateReserved": "2023-02-21T23:18:21.567Z",
"dateUpdated": "2024-10-08T14:50:47.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13626 (GCVE-0-2020-13626)
Vulnerability from cvelistv5 – Published: 2020-10-09 05:02 – Updated: 2024-08-04 12:25
VLAI
Summary
OnePlus App Locker through 2020-10-06 allows physically proximate attackers to use Google Assistant to bypass an authorization check in order to send an SMS message when the SMS application is locked.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.oneplus.com/app/answers/detail/a_… | x_refsource_MISC |
| https://medium.com/%40bugsbunnyy1107/the-tell-tal… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.386Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.oneplus.com/app/answers/detail/a_id/301/~/how-to-use-app-locker"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40bugsbunnyy1107/the-tell-tale-of-cve-in-oneplus-phones-91e97342a8b5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OnePlus App Locker through 2020-10-06 allows physically proximate attackers to use Google Assistant to bypass an authorization check in order to send an SMS message when the SMS application is locked."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-09T05:02:52.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.oneplus.com/app/answers/detail/a_id/301/~/how-to-use-app-locker"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40bugsbunnyy1107/the-tell-tale-of-cve-in-oneplus-phones-91e97342a8b5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OnePlus App Locker through 2020-10-06 allows physically proximate attackers to use Google Assistant to bypass an authorization check in order to send an SMS message when the SMS application is locked."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.oneplus.com/app/answers/detail/a_id/301/~/how-to-use-app-locker",
"refsource": "MISC",
"url": "https://support.oneplus.com/app/answers/detail/a_id/301/~/how-to-use-app-locker"
},
{
"name": "https://medium.com/@bugsbunnyy1107/the-tell-tale-of-cve-in-oneplus-phones-91e97342a8b5",
"refsource": "MISC",
"url": "https://medium.com/@bugsbunnyy1107/the-tell-tale-of-cve-in-oneplus-phones-91e97342a8b5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13626",
"datePublished": "2020-10-09T05:02:52.000Z",
"dateReserved": "2020-05-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:25:16.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}