Several OnePlus smartphones have a significant SMS vulnerability, and a fix isn’t coming before mid-October

If you are using a OnePlus smartphone running OxygenOS 12, 14, or 15, we have news that should worry you. Earlier today, cybersecurity company Rapid7 revealed that OnePlus smartphones running these OxygenOS versions have a significant security flaw that could allow malicious apps to access SMS and MMS data on your smartphone without permission, user interaction, or consent.

The company also said that the “user is also not notified that SMS data is being accessed,” which “could lead to sensitive information disclosure and could effectively break the security provided by SMS-based Multi-Factor Authentication (MFA) checks.”

Rapid7 tested and confirmed the vulnerability on several OnePlus phones and OxygenOS builds, as listed in the table below.

| Device / Model | Package Version | OxygenOS Version | Build Number |
| --- | --- | --- | --- |
| OnePlus 8T / KB2003 | 3.4.135 | 12 | KB2003_11_C.33 |
| OnePlus 10 Pro 5G / NE2213 | 14.10.30 | 14 | NE2213_14.0.0.700(EX01) |
| OnePlus 10 Pro 5G / NE2213 | 15.30.5 | 15 | NE2213_15.0.0.502(EX01) |
| OnePlus 10 Pro 5G / NE2213 | 15.30.10 | 15 | NE2213_15.0.0.700(EX01) |
| OnePlus 10 Pro 5G / NE2213 | 15.40.0 | 15 | NE2213_15.0.0.901(EX01) |

The cybersecurity company said that this vulnerability, tracked as CVE-2025-10184, was introduced in OxygenOS 12, as the versions of OxygenOS 11 it tested were not vulnerable to this issue.

While Rapid7 said that this security flaw “does not seem to be a hardware-specific issue,” its potential impact is considered high because it affects a core component of Android, and OnePlus devices other than the 8T or 10 Pro 5G running OxygenOS 12, 14, or 15 could also be vulnerable to it.

Rapid7 first contacted OnePlus on May 1, 2025, to discuss this issue, and since then, it reached out to OnePlus and Oppo half a dozen times before publicly disclosing its findings on September 23, 2025. A day later, OnePlus responded to Rapid7, acknowledging the company’s disclosure and informing it that the Chinese brand is investigating the issue.

OnePlus didn’t tell Rapid7 what steps it would be taking; however, in a statement shared with 9to5Google later, a OnePlus spokesperson said, “We acknowledge the recent disclosure of CVE-2025-10184 and have implemented a fix. This will be rolled out globally via software update starting from mid-October. OnePlus remains committed to protecting customer data and will continue to prioritize security improvements.”

What can users of affected OnePlus devices do until the fix arrives in mid-October?

The folks at Rapid7 have advised users of the affected OnePlus devices to take the following steps:

  • Only install apps from trusted sources and remove all non-essential apps. This will limit exposure to untrusted apps that could use this permission bypass to read SMS/MMS data.
  • Review which third-party services use SMS-based multi-factor authentication (MFA) and change those services to use an authenticator app instead. This will limit sensitive information being sent to your device over SMS.
  • For additional privacy of text messages, users can use end-to-end encrypted messenger apps instead of SMS-based communication. This will limit sensitive information being sent to your device over SMS.
  • For third-party services that send SMS-based notifications, it may be possible to switch to in-app push notifications. This will limit sensitive information being sent to your device over SMS.

Rapid7's full disclosure has more information.