PT-2025-43907 · Google · Google Messages for Wear OS
Gabriele Digregorio · Published 2025-10-27 · Updated 2025-12-05 · CVE-2025-12080
CVSS v4.0: 6.9 (Medium), AV:A/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N
Name of the Vulnerable Software and Affected Versions
Google Messages for Wear OS (affected versions not specified)
Description
A flaw exists in Google Messages for Wear OS where the handling of ACTION_SENDTO intents using the sms:, smsto:, mms:, and mmsto: Uniform Resource Identifier (URI) schemes is improperly configured. This allows an attacker who can invoke an Android intent to send messages on a user's behalf to any recipient without requiring user interaction or permissions. The issue enables the silent and unauthorized transmission of messages from a compromised Wear OS device. The vulnerability was discovered in March 2025 and patched in May 2025.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Insufficient Verification of Data Authenticity
Related Identifiers
Affected Products
Google Messages for Wear OS