OnePlus might be riding the wave of excitement for its upcomingOnePlus 15 release, but its older devices appear to be victims of a serious security flaw. A cybersecurity firm has discovered a vulnerability that exposes SMS and MMS data from some OnePlus smartphones.
OnePlus phones are at risk from a security vulnerability, but a patch is on the way
If your OnePlus device is running OxygenOS 12 or later, you’re likely at risk from a newly discovered security flaw. The breach leaves SMS and MMS data exposed, but OnePlus has finally acknowledged it and said it’ll release a patch in mid-October.
The vulnerability was discovered by the security company Rapid7 on devices running OxygenOS 12, 14, and 15. The vulnerability exists because of modifications to the Telephony service on Android done by OnePlus. Thanks to those changes, installed apps can access SMS and MMS data, along with metadata, “without permission, user interaction, or consent.”
Rapid7 claims it had tried to inform OnePlus about the vulnerability, dubbed CVE-2025-10184, months before publishing it on Monday, but the company never responded. OnePlus confirmed it was aware of the issue in a statement to 9to5Google.
We acknowledge the recent disclosure of CVE-2025-10184 and have implemented a fix. This will be rolled out globally via software update starting from mid-October. OnePlus remains committed to protecting customer data and will continue to prioritize security improvements.
OnePlus, September 2025
How to keep yourself safe?
If you have a OnePlus 8 with OxygenOS 11, you are safe from the vulnerability | Image Credit – PhoneArena
If you have a OnePlus device that could be vulnerable to the flaw, Rapid7 recommends only installing apps from trusted sources and uninstalling any app you don’t need. The security firm also says you should move your texting to encrypted messaging apps and switch from SMS two-factor authentication to an authenticator app.
Do you use SMS for two-factor authentication?
Yes, it’s more convenient
50%
Only when I don’t have other choice
40.91%
No, I use only an authenticator app
9.09%
In fact, implementing those tips could be a good idea even if you’re not a OnePlus user. Security flaws are discovered all the time, across operating systems and with all sorts of devices. Recently, a WhatsApp flaw put iPhone 16 and older in danger, and a similar vulnerability was discovered on Galaxy S25 and other Samsung phones.
Common sense is good for security
Keeping yourself safe often sounds like too much work, but some simple steps can help you drastically improve your security. Update your devices and apps often, so you get the latest security patches. Don’t install apps from unofficial sources unless you know what you’re doing. Stay away from shady websites. These simple steps should keep you out of trouble most of the time.
Travel Easy with Nomad eSIM – 25% Off
25% off eSIM data-only plans & global coverage - enter code IPHONE25, sign up required
Ilia, a tech journalist at PhoneArena, has been covering the mobile industry since 2011, with experience at outlets like Forbes Bulgaria. Passionate about smartphones, tablets, and consumer tech, he blends deep industry knowledge with a personal fascination that began with his first Nokia and Sony Ericsson devices. Originally from Bulgaria and now based in Lima, Peru, Ilia balances his tech obsessions with walking his dog, training at the gym, and slowly mastering Spanish.
A discussion is a place, where people can voice their opinion, no matter if it
is positive, neutral or negative. However, when posting, one must stay true to the topic, and not just share some
random thoughts, which are not directly related to the matter.
Things that are NOT allowed:
Off-topic talk - you must stick to the subject of discussion
Offensive, hate speech - if you want to say something, say it politely
Spam/Advertisements - these posts are deleted
Multiple accounts - one person can have only one account
Impersonations and offensive nicknames - these accounts get banned
To help keep our community safe and free from spam, we apply temporary limits to newly created accounts:
New accounts created within the last 24 hours may experience restrictions on how frequently they can
post or comment.
These limits are in place as a precaution and will automatically lift.
Moderation is done by humans. We try to be as objective as possible and moderate with zero bias. If you think a
post should be moderated - please, report it.
Have a question about the rules or why you have been moderated/limited/banned? Please,
contact us.
FCC OKs Cingular\'s purchase of AT&T Wireless
Things that are NOT allowed:
To help keep our community safe and free from spam, we apply temporary limits to newly created accounts: