Flaw in Application Source Verification within ColorOS by OPPO
CVE-2025-27389

5.1MEDIUM

Key Information:

Vendor: Coloros
Status: Coloros
Vendor: CVE Published:; 5 December 2025

What is CVE-2025-27389?

A security flaw has been identified in ColorOS that impacts the verification of application installation sources. This issue poses a risk of malicious applications being installed without appropriate warnings, as the mechanism designed to detect these threats may fail under specific conditions. Ensuring the integrity of application sources is crucial in maintaining user security and preventing unauthorized installations.

Affected Version(s)

ColorOS ColorOS 11–15

References

https://security.oppo.com/en/noticeDetail?notice_only_key...

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 5, 2025
Vulnerability Reserved
Feb 24, 2025

CVE-2025-27389 Data

JSON

Coloros

What is CVE-2025-27389?

Affected Version(s)

References

CVSS V4

Timeline