Unauthorized Messaging Vulnerability in Google Messages on Wear OS Devices
CVE-2025-12080

6.9 MEDIUM

Key Information:

Vendor: Google

Status
Vendor
CVE Published: 27 October 2025

What is CVE-2025-12080?

CVE-2025-12080 is a serious vulnerability in the Google Messages application on Wear OS devices. The application handles SMS, MMS, and RCS communications for users. The vulnerability stems from a misconfiguration in how the application processes specific messaging-related intent actions, such as ACTION_SENDTO, when it is set as the default messaging application. An attacker who can invoke an Android intent can exploit this flaw to send messages from the user's device without their knowledge or consent. Messages can be sent to any recipient without any user interaction or permission, which undermines the fundamental trust in messaging security on Wear OS devices.

Potential impact of CVE-2025-12080

  1. Unauthorized Message Transmission: The primary impact of this vulnerability is the ability for attackers to send messages on behalf of the user to arbitrary recipients. This could lead to the dissemination of false information, phishing attempts, or other malicious content without the user's knowledge.

  2. Privacy Breach: Users' private communications may be compromised, as the vulnerability allows for messages to be sent without user consent. This undermines the privacy expectations users have when utilizing messaging services, potentially exposing sensitive information or contexts to unintended parties.

  3. Reputation Damage: If exploited, this vulnerability could harm the reputation of individuals or organizations whose identities are misused to send messages. The potential for impersonation or misuse of messaging could lead to trust issues not only for the targeted users but also in the broader ecosystem of users relying on Google Messages for secure communication.

Affected Version(s)

WearOS 0 < 30-04-2025

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability started trending

  • Vulnerability published

  • Vulnerability Reserved

Credit

Gabriele Digregorio (Io_no)