A essential safety vulnerability has been found in OPPO’s Clone Telephone characteristic that might expose delicate consumer information by means of inadequately secured WiFi hotspots.
The vulnerability, designated CVE-2025-27387, impacts ColorOS 15.0.2 and earlier variations, presenting a high-severity danger with a CVSS rating of seven.4 out of 10.
Safety researcher FlorianDraschbache recognized this flaw in Might 2025, prompting quick consideration from cybersecurity communities worldwide.
Abstract
1. OPPO Clone Telephone characteristic incorporates a high-severity safety flaw (CVE-2025-27387) that exposes delicate consumer information throughout file transfers.
2. The vulnerability stems from insufficient WPA passphrase safety on WiFi hotspots, permitting close by attackers to intercept private information like contacts, messages, and pictures with out requiring particular entry.
3. All ColorOS 15.0.2 and earlier variations are affected, placing hundreds of thousands of OPPO gadget customers susceptible to information publicity.
4. No patch timeline has been introduced – customers ought to keep away from Clone Telephone performance in untrusted environments till updates are launched.
Expose Knowledge by way of Weak Wi-Fi Passphrases
The vulnerability stems from OPPO Clone Telephone’s implementation of weak WPA passphrases as the only real safety mechanism for file switch operations.
In keeping with the GitHub Advisory Database, the flaw is assessed underneath CWE-200 (Data Publicity), indicating improper restriction of data entry.
The technical evaluation reveals an assault vector marked as “Adjoining” with low assault complexity, that means malicious actors inside WiFi vary can exploit this weak spot with out requiring particular privileges or consumer interplay.
The CVSS v3.1 base metrics element the vulnerability’s traits: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N.
This vector signifies adjoining community entry (AV:A), low complexity (AC:L), no privileges required (PR:N), no consumer interplay wanted (UI:N), modified scope (S:C), and excessive confidentiality affect (C:H).
The vulnerability permits unauthorized info disclosure throughout file switch operations between units utilizing OPPO’s Clone Telephone characteristic.
When customers provoke information migration, the system creates a WiFi hotspot protected solely by weak authentication mechanisms, doubtlessly permitting close by attackers to intercept delicate private information, together with contacts, messages, pictures, and software information.
Threat FactorsDetailsAffected ProductsColorOS 15.0.2 and belowImpactInformation disclosure by way of weak WiFi hotspot passwords throughout file transfers;Exploit PrerequisitesAdjacent community entry (inside WiFi vary)- No particular privileges required- No consumer interplay needed- Low assault complexityCVSS 3.1 Score7.4 (Excessive)
OPPO revealed this advisory yesterday, emphasizing the urgency of addressing this safety hole.
The excessive confidentiality affect score signifies that profitable exploitation might end in full publicity of transferred info.
Organizations and particular person customers counting on OPPO units for delicate information administration face important privateness dangers, notably in environments with a number of WiFi-enabled units.
Whereas particular patch timelines stay undisclosed, customers ought to keep away from utilizing Clone Telephone performance in untrusted environments till safety updates are launched.
The GHSA ID GHSA-5fm5-q6q3-865x has been assigned for monitoring functions inside GitHub’s safety advisory system.
Customers working ColorOS 15.0.2 and under ought to monitor official OPPO safety bulletins for firmware updates addressing this vulnerability and think about different safe file switch strategies for delicate information migration.
Are you from SOC/DFIR Groups! – Work together with malware within the sandbox and discover associated IOCs. – Request 14-day free trial
