If you own a OnePlus smartphone and have a penchant for experimenting with apps beyond the mainstream options, there’s a concerning risk: your text messages may be accessed without your knowledge.
Cybersecurity expert firm Rapid7 has issued a stark warning regarding a critical vulnerability affecting various OnePlus devices. This flaw permits apps to gain unauthorized access to SMS and MMS data, and distressingly, thereās no indication that this breach has occurred.
Rapid7 notes: āShould this vulnerability be exploited, any app installed on the device could access SMS and MMS data along with its metadata via the system-provided Telephony providerāthis bypasses the need for permission, user interaction, or consent.ā
For users who rely on SMS-based authentication, the implications are even more severe, as their accounts could also be jeopardized.
This issue has been cataloged by Rapid7 as CVE-2025-10184 and spans several versions of OxygenOS, originating from the OnePlus 8T onward. The vulnerability materialized when OnePlus modified its default Android telephony app during the shift to Android 12.
Foundry | Alex Walker-Todd
As per 9to5Google, attempts by Rapid7 to notify OnePlus of the vulnerability began months ago. Only after the public revelation of the bug did OnePlus acknowledge the security risk. When approached by 9to5Google, OnePlus issued the following statement:
āWe acknowledge the recent disclosure of CVE-2025-10184 and have implemented a fix. This will be rolled out globally via software update starting from mid-October. OnePlus remains committed to protecting customer data and will continue to prioritize security improvements.ā
Protective Measures You Can Take
While itās concerning that thereās no definitive way to ascertain whether your SMS/MMS data has been compromised, you can take the following proactive steps to safeguard your information:
- Uninstall any unneeded applications, particularly those that are obscure or from unknown developers.
- Only download apps from recognized and reputable sources.
- Switch from SMS-based two-factor authentication to an authenticator app for enhanced security.
- Update your OnePlus device as soon as the patch is available in mid-October.
If this situation has prompted you to consider an upgrade, be sure to check out our recommendations for the best smartphones and best tablets available right now.
This article originally appeared on our sister publication M3 and was translated and adapted from Swedish.
