Flaw in Application Source Verification within ColorOS by OPPO
CVE-2025-27389

5.1MEDIUM

Key Information:

Vendor: Coloros
Status: Coloros
Vendor: CVE Published:; 5 December 2025

What is CVE-2025-27389?

A security flaw has been identified in ColorOS that impacts the verification of application installation sources. This issue poses a risk of malicious applications being installed without appropriate warnings, as the mechanism designed to detect these threats may fail under specific conditions. Ensuring the integrity of application sources is crucial in maintaining user security and preventing unauthorized installations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ColorOS ColorOS 11–15

References

https://security.oppo.com/en/noticeDetail?notice_only_key...

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Dec 5, 2025
Vulnerability Reserved
Feb 24, 2025

JSON

Coloros

What is CVE-2025-27389?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.