CVE-2025-12080: Intent Abuse Vulnerability in Google Messages for Wear OS

CVE-2025-12080: Intent Abuse Vulnerability in Google Messages for Wear OS

First seen 3 Jul 2026, 13:32 UTC cvefeed.ionvd.nist.gov 78% similarity 54.9
Share:

Article Content

Browse articles
ThreatCluster

CVE-2025-12080 affects Wear OS devices where Google Messages is the default SMS/MMS/RCS app. The vulnerability arises from improper handling of ACTION_SENDTO intents, allowing attackers to send messages on behalf of users without interaction or permissions. This silent message transmission can target arbitrary receivers, posing a significant risk to user privacy and security. The flaw is linked to CWE-345, indicating insufficient verification of data authenticity. A public proof-of-concept exploit is available on GitHub, highlighting the potential for active exploitation. The vulnerability was published on October 27, 2025, and remains a concern for users of affected Wear OS devices. Security professionals are advised to monitor for updates and potential mitigations.

Key Points: • CVE-2025-12080 allows silent message sending from compromised Wear OS devices. • Attackers can exploit this vulnerability without user interaction or permissions. • A public proof-of-concept exploit is available, increasing the risk of active exploitation.

ThreatCluster AI

Timeline

2025-10-27
CVE-2025-12080 published
Google Messages for Wear OS was found to have a vulnerability allowing unauthorized message sending.
cvefeed.io
Recent
Public exploit available on GitHub
A proof-of-concept exploit for CVE-2025-12080 was released, raising concerns about active exploitation.
cvefeed.io

Community

Browse all →