A significant security flaw, identified as CVE-2025-10184, affects OnePlus smartphones running OxygenOS 12 through 15. This vulnerability allows any installed application to access SMS and MMS messages without user permission. The issue stems from improperly secured internal content providers in the Android Telephony package, enabling unauthorized access to sensitive data.

Affected Devices:

• OnePlus 8T (OxygenOS 12)

• OnePlus 10 Pro 5G (OxygenOS 14 & 15)

Status:
A fix is being rolled out globally. The patch for the OnePlus 8T is expected by October 13, 2025, and for the OnePlus 10 Pro by October 15, 2025.

Recommendations for Users:

• Install apps only from trusted sources to minimize risks.

• Avoid SMS-based Multi-Factor Authentication (MFA); use authenticator apps or hardware keys instead.

• Use encrypted messaging apps like Signal or WhatsApp for sensitive communications.

• Enable push notifications for services that typically send SMS alerts.

The CVE-2025-10184 vulnerability poses a serious security risk. Applying the upcoming software update promptly is essential. Following the recommended precautions in the meantime will help protect personal data.