These OnePlus smartphones may be leaking your SMS messages to hackers

OnePlus smartphones running OxygenOS versions 12 through 15 contain a critical security vulnerability that allows malicious apps to read and send SMS messages without user permission, cybersecurity firm Rapid7 revealed this week. The flaw, tracked as CVE-2025-10184 with a severity score of 8.2 out of 10, potentially affects millions of devices manufactured over the past four years.

The vulnerability enables attackers to access sensitive text messages, including two-factor authentication codes, and send unauthorized SMS messages on behalf of victims. Only devices still running 2020’s OxygenOS 11 or earlier remain unaffected by this security breach.