Description

On Wear OS devices, when Google Messages is configured as the default SMS/MMS/RCS application, the handling of ACTION_SENDTO intents utilizing the sms:, smsto:, mms:, and mmsto: Uniform Resource Identifier (URI) schemes is incorrectly implemented. Due to this misconfiguration, an attacker capable of invoking an Android intent can exploit this vulnerability to send messages on the user’s behalf to arbitrary receivers without requiring any further user interaction or specific permissions. This allows for the silent and unauthorized transmission of messages from a compromised Wear OS device.

INFO

Published Date :

2025-10-27T08:45:52.604Z

Last Modified :

2025-10-27T15:53:29.322Z

Source :

Google
AFFECTED PRODUCTS

The following products are affected by CVE-2025-12080 vulnerability.

Vendors Products
Google
  • Android
  • Wear Os
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-12080.

URL Resource
https://towerofhanoi.it/writeups/cve-2025-12080/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability