CVE-2025-27389

Application Installation Source Verification Flaw May Lead to Risk Detection Bypass

CVSS 5.1 MEDIUMEPSS 0.1%CWE-290

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 5.1EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

05 dic 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A flaw exists in the verification of application installation sources within ColorOS. Under specific conditions, this issue may cause the risk detection mechanism to fail, which could allow malicious applications to be installed without proper warning.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

Productos afectados

ColorOS · ColorOS

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1996493715665068032