CVE-2025-27389 | THREATINT

Description

A flaw exists in the verification of application installation sources within ColorOS. Under specific conditions, this issue may cause the risk detection mechanism to fail, which could allow malicious applications to be installed without proper warning.

PUBLISHED Reserved 2025-02-24 | Published 2025-12-05 | Updated 2025-12-05 | Assigner OPPO

MEDIUM: 5.1CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

Problem types

CWE-290 Authentication Bypass by Spoofing

Product status

Default status

unaffected

ColorOS 11–15

affected

References

security.oppo.com/...ice_only_key=NOTICE-1996493715665068032

cve.org (CVE-2025-27389)

nvd.nist.gov (CVE-2025-27389)