- CVE-2025-10184 Lets attackers read and send SMS, including 2FA codes
- Vulnerability affects Oxygenos -Versions 12 to 15, used across many OnePlus -Units
- Rapid7 revealed errors after failed contact; OnePlus has not yet released a solution
A vulnerability in the software used in OnePlus smartphones could allow threat actors to send SMS messages on behalf of the victim, experts have warned.
Even worse, it allows them to read SMS content, including multi-factor approval codes, in cases where SMS is created as the secondary 2FA layer chosen, security researchers from RAPID7 reassessed.
The team recently discovered a vulnerability in several versions of Oxygenos, the operating system built for OnePlus phones, and based on Google’s Android affecting the telephone content provider in Oxygenos between versions 12 and 15, which means the problem may have been plagued by devices for at least four years.
Late response
The researchers confirmed the error working on a OnePlus 8T unit running Oxygenos 12, as well as several OnePlus 10 Pro 5G devices running Oxygenos 14 and 15.
Given how OnePlus builds and sends its phones, the researchers emphasized that the list of vulnerable devices is much, much longer.
Rapid7 said since it was detection of the question in May 2025, it tried to reach OnePlus, but supposedly – to no avail.
After a few failed experiments, the researchers released their findings along with a Proof-of-Concept (POC) in September, after which OnePlus publicly recognized the error and allegedly began to investigate.
At the time this article was published, OnePlus still has not released a solution, which means the error is still utilized on many of its devices.
To remain in safety, users must keep the number of installed apps to a minimum, only install them from reputable publishers and switch away from SMS-based two-factor approval.
In addition, communication should be moved away from SMS messages to other apps such as WhatsApp, Telegram or the like. The vulnerability is now traced as CVE-2025-10184 with a severity of 8.2/10 (high).
OnePlus is a subsidiary of the Chinese smartphone manufacturer Oppo and is known for building Premium smartphones at a competitive price.
Via Bleeping computer
