CVE-2025-12080

CVSS v4.0

6.9

Vector

AV:A/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N

Name of the Vulnerable Software and Affected Versions Google Messages for Wear OS (affected versions not specified)

Description A flaw exists in Google Messages for Wear OS where the handling of

ACTION SENDTO

intents using

sms:

smsto:

mms:

, and

mmsto:

Uniform Resource Identifier (URI) schemes is improperly configured. This allows an attacker who can invoke an Android intent to send messages on a user’s behalf to any recipient without requiring user interaction or permissions. The issue enables the silent and unauthorized transmission of messages from a compromised Wear OS device. The vulnerability was discovered in March 2025 and patched in May 2025.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Insufficient Verification of Data Authenticity

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-345

Related Identifiers

CVE-2025-12080

Affected Products

Google Messages For Wear Os

CVE-2025-12080

Weakness Enumeration

Related Identifiers

Affected Products

References · 17