Application Installation Source Verification Flaw May Lead to Risk Detection Bypass
CVE-2025-27389

5.1MEDIUM

Key Information:

Vendor: Coloros
Status: Coloros
Vendor: CVE Published:; 5 December 2025

What is CVE-2025-27389?

A flaw exists in the verification of application installation sources within ColorOS. Under specific conditions, this issue may cause the risk detection mechanism to fail, which could allow malicious applications to be installed without proper warning.

Affected Version(s)

ColorOS ColorOS 11–15

References

https://security.oppo.com/en/noticeDetail?notice_only_key...

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 5, 2025
Vulnerability Reserved
Feb 24, 2025

JSON

Coloros

What is CVE-2025-27389?

Affected Version(s)

References

CVSS V4

Timeline