CVE-2025-27389

MEDIUM

ColorOS - Info Disclosure

Title source: llm

Description

A flaw exists in the verification of application installation sources within ColorOS. Under specific conditions, this issue may cause the risk detection mechanism to fail, which could allow malicious applications to be installed without proper warning.

References (1)

[Various Sources] https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1996493715665068032

Scores

CVSS v4 5.1

EPSS 0.0003

EPSS Percentile 7.4%

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-290

Status published

Products (1)

ColorOS/ColorOS ColorOS 11–15

Published Dec 05, 2025

Tracked Since Feb 18, 2026