{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-12080", "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "state": "PUBLISHED", "assignerShortName": "Google", "dateReserved": "2025-10-22T15:24:43.272Z", "datePublished": "2025-10-27T08:45:52.604Z", "dateUpdated": "2025-10-27T15:53:29.322Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "WearOS", "vendor": "Google", "versions": [{"lessThan": "30-04-2025", "status": "affected", "version": "0", "versionType": "date"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:wearos:*:*:*:*:*:*:*:*", "versionEndExcluding": "30-04-2025", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "credits": [{"lang": "en", "type": "finder", "value": "Gabriele Digregorio (Io_no)"}], "datePublic": "2025-10-22T22:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>On <b>Wear OS</b> devices, when <b>Google Messages</b> is configured as the default SMS/MMS/RCS application, the handling of <b><code>ACTION_SENDTO</code></b> intents utilizing the <code>sms:</code>, <code>smsto:</code>, <code>mms:</code>, and <code>mmsto:</code> Uniform Resource Identifier (URI) schemes is <b>incorrectly implemented</b>.</p><p>Due to this misconfiguration, an attacker capable of invoking an Android intent can exploit this vulnerability to <b>send messages on the user\u2019s behalf</b> to <b>arbitrary receivers</b> without requiring any further <b>user interaction</b> or specific <b>permissions</b>. This allows for the <b>silent and unauthorized transmission of messages</b> from a compromised Wear OS device.</p>"}], "value": "On Wear OS devices, when Google Messages is configured as the default SMS/MMS/RCS application, the handling of ACTION_SENDTO intents utilizing the sms:, smsto:, mms:, and mmsto: Uniform Resource Identifier (URI) schemes is incorrectly implemented.\n\nDue to this misconfiguration, an attacker capable of invoking an Android intent can exploit this vulnerability to send messages on the user\u2019s behalf to arbitrary receivers without requiring any further user interaction or specific permissions. This allows for the silent and unauthorized transmission of messages from a compromised Wear OS device."}], "impacts": [{"capecId": "CAPEC-502", "descriptions": [{"lang": "en", "value": "CAPEC-502 Intent Spoof"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 6.9, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "LOW", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-345", "description": "CWE-345 Insufficient Verification of Data Authenticity", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google", "dateUpdated": "2025-10-27T08:45:52.604Z"}, "references": [{"url": "https://towerofhanoi.it/writeups/cve-2025-12080/"}], "source": {"discovery": "UNKNOWN"}, "title": "Intent Abuse in Google Messages for Wear OS for Silent Message Sending", "x_generator": {"engine": "Vulnogram 0.4.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-27T15:52:32.763396Z", "id": "CVE-2025-12080", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-27T15:53:29.322Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-12080", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-27T15:52:32.763396Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-27T15:53:21.803Z"}}], "cna": {"title": "Intent Abuse in Google Messages for Wear OS for Silent Message Sending", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Gabriele Digregorio (Io_no)"}], "impacts": [{"capecId": "CAPEC-502", "descriptions": [{"lang": "en", "value": "CAPEC-502 Intent Spoof"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Google", "product": "WearOS", "versions": [{"status": "affected", "version": "0", "lessThan": "30-04-2025", "versionType": "date"}], "defaultStatus": "unaffected"}], "datePublic": "2025-10-22T22:00:00.000Z", "references": [{"url": "https://towerofhanoi.it/writeups/cve-2025-12080/"}], "x_generator": {"engine": "Vulnogram 0.4.0"}, "descriptions": [{"lang": "en", "value": "On Wear OS devices, when Google Messages is configured as the default SMS/MMS/RCS application, the handling of ACTION_SENDTO intents utilizing the sms:, smsto:, mms:, and mmsto: Uniform Resource Identifier (URI) schemes is incorrectly implemented.\n\nDue to this misconfiguration, an attacker capable of invoking an Android intent can exploit this vulnerability to send messages on the user\u2019s behalf to arbitrary receivers without requiring any further user interaction or specific permissions. This allows for the silent and unauthorized transmission of messages from a compromised Wear OS device.", "supportingMedia": [{"type": "text/html", "value": "<p>On <b>Wear OS</b> devices, when <b>Google Messages</b> is configured as the default SMS/MMS/RCS application, the handling of <b><code>ACTION_SENDTO</code></b> intents utilizing the <code>sms:</code>, <code>smsto:</code>, <code>mms:</code>, and <code>mmsto:</code> Uniform Resource Identifier (URI) schemes is <b>incorrectly implemented</b>.</p><p>Due to this misconfiguration, an attacker capable of invoking an Android intent can exploit this vulnerability to <b>send messages on the user\u2019s behalf</b> to <b>arbitrary receivers</b> without requiring any further <b>user interaction</b> or specific <b>permissions</b>. This allows for the <b>silent and unauthorized transmission of messages</b> from a compromised Wear OS device.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-345", "description": "CWE-345 Insufficient Verification of Data Authenticity"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:google:wearos:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "30-04-2025", "versionStartIncluding": "0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google", "dateUpdated": "2025-10-27T08:45:52.604Z"}}}, "cveMetadata": {"cveId": "CVE-2025-12080", "state": "PUBLISHED", "dateUpdated": "2025-10-27T15:53:29.322Z", "dateReserved": "2025-10-22T15:24:43.272Z", "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "datePublished": "2025-10-27T08:45:52.604Z", "assignerShortName": "Google"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "On Wear OS devices, when Google Messages is configured as the default SMS/MMS/RCS application, the handling of ACTION_SENDTO intents utilizing the sms:, smsto:, mms:, and mmsto: Uniform Resource Identifier (URI) schemes is incorrectly implemented.\n\nDue to this misconfiguration, an attacker capable of invoking an Android intent can exploit this vulnerability to send messages on the user\u2019s behalf to arbitrary receivers without requiring any further user interaction or specific permissions. This allows for the silent and unauthorized transmission of messages from a compromised Wear OS device."}], "id": "CVE-2025-12080", "lastModified": "2025-10-27T13:19:49.063", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "LOW", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cve-coordination@google.com", "type": "Secondary"}]}, "published": "2025-10-27T09:15:36.040", "references": [{"source": "cve-coordination@google.com", "url": "https://towerofhanoi.it/writeups/cve-2025-12080/"}], "sourceIdentifier": "cve-coordination@google.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-345"}], "source": "cve-coordination@google.com", "type": "Secondary"}]}

{}