Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-10184
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
OnePlus OxygenOS Telephony provider permission bypass
Source: NVD (National Vulnerability Database)
Vulnerability Description
The vulnerability allows any application installed on the device to read SMS/MMS data and metadata from the system-provided Telephony provider without permission, user interaction, or consent. The user is also not notified that SMS data is being accessed. This could lead to sensitive information disclosure and could effectively break the security provided by SMS-based Multi-Factor Authentication (MFA) checks. The root cause is a combination of missing permissions for write operations in several content providers (com.android.providers.telephony.PushMessageProvider, com.android.providers.telephony.PushShopProvider, com.android.providers.telephony.ServiceNumberProvider), and a blind SQL injection in the update method of those providers.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
OnePlus OxygenOS 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OnePlus OxygenOS是中国一加(OnePlus)公司的一款智能手机操作系统。 OnePlus OxygenOS存在安全漏洞,该漏洞源于多个内容提供程序缺少写入操作权限以及这些提供程序的update方法中存在SQL注入,可能导致敏感信息泄露。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
OnePlusOxygenOS 11.* -
II. Public POCs for CVE-2025-10184
#POC DescriptionSource LinkShenlong Link
1Nonehttps://github.com/People-11/CVE-2025-10184_PoCPOC Details
2ColorOS短信漏洞https://github.com/yuuouu/ColorOS-CVE-2025-10184POC Details
3OxygenOS Telephony provider permission bypasshttps://github.com/Webpage-gh/CVE-2025-10184-PoCPOC Details
4🔍 Identify and analyze the CVE-2025-10184 vulnerability in ColorOS, affecting SMS data access in OPPO and its sub-brands.https://github.com/ENGWes/ColorOS-CVE-2025-10184POC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2025-10184
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same weakness: CWE-862
V. Comments for CVE-2025-10184

No comments yet

Leave a comment