Affiliate links on Android Authority may earn us a commission. Learn more.
September 26, 2025
If a OnePlus phone is your daily driver, it’s likely affected by a serious vulnerability that can allow bad apps to secretly read your text messages.
Uncovered by cybersecurity firm Rapid7, the flaw affects a wide range of OnePlus devices running various versions of Oxygen OS. It poses a significant threat to sensitive and personal information received in SMSes, including codes used for two-factor authentication.
The issue is tracked as CVE-2025-10184. It allows malicious apps on affected OnePlus phones to access SMS and MMS data without user permission, interaction, or notification. This means hackers can potentially spy on private messages or bypass security checks that rely on SMS codes.
Don’t want to miss the best from Android Authority?
Rapid7 tested and confirmed the vulnerability on the OnePlus 8T and OnePlus 10 Pro running Oxygen OS 12, 14, and 15. Because the vulnerability affects a core Android system component, researchers warn it could also affect any other OnePlus device running the aforementioned versions of Oxygen OS, and that its impact could be “high.”
A little late, but OnePlus has acknowledged the problem and says a fix is on the way. Unfortunately, there’s still a while before it rolls out widely. In a statement shared with 9to5Google, the company said:
Rapid7 says it initially tried to contact OnePlus through its bug bounty program but was unable to do so due to restrictive non-disclosure terms. As a result, the company decided to disclose the flaw publicly.
Until the fix is rolled out in October, users on OxygenOS 12 or newer will remain at risk. So ff you’re using a OnePlus phone, it would be wise not to install apps from unknown sources, at least till the fix rolls out.
Thank you for being part of our community. Read our Comment Policy before posting.