OnePlus Phones Face Major Security Risk: OxygenOS Flaw Exposes SMS Data
OnePlus smartphone users are facing a serious security threat after analysts discovered a flaw in OxygenOS that allows apps to directly access SMS messages without user permission.
The vulnerability affects both older and newer versions of OxygenOS in markets such as India and the US. According to cybersecurity firm Rapid7, the flaw enables apps to read SMS content, which is particularly dangerous since text messages often carry OTPs for payments, logins, and other sensitive tasks.
If exploited, the flaw could let malicious apps steal two-factor authentication codes, drain bank accounts, or hijack digital accounts—all without the user’s knowledge.
Which Devices Are Affected?
Rapid7 notes that all OnePlus phones running OxygenOS 12 and newer, including builds based on Android 15, are at risk. Highlighted models include:
- OnePlus 8T
- OnePlus 10 Pro 5G (Android 14 & 15)
- Potentially newer models such as the OnePlus 12, OnePlus 13, and the OnePlus Open foldable
OnePlus Responds
After being contacted by Rapid7, OnePlus acknowledged the flaw (CVE-2025-10184) and confirmed that a fix will be rolled out globally via a software update starting mid-October.
“We acknowledge the recent disclosure of CVE-2025-10184 and have implemented a fix. This will be rolled out globally via software update starting from mid-October. OnePlus remains committed to protecting customer data and will continue to prioritize security improvements,” a spokesperson told PCMag.
What Should Users Do?
Until the patch is available, OnePlus users are advised to:
- Avoid installing apps from unknown sources
- Be cautious with emails and links from untrusted contacts
- Use authentication apps instead of SMS for logins
