CVE-2025-27389

medium

Description

A flaw exists in the verification of application installation sources within ColorOS. Under specific conditions, this issue may cause the risk detection mechanism to fail, which could allow malicious applications to be installed without proper warning.

References

https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1996493715665068032

Details

Source: Mitre, NVD

Published: 2025-12-05

Updated: 2025-12-05

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.7

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Severity: High

CVSS v4

Base Score: 5.1

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N