cvefeed.io
CVE-2025-12080: Intent Abuse Vulnerability in Google Messages for Wear OS
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
CVE-2025-12080 affects Wear OS devices where Google Messages is the default SMS/MMS/RCS app. The vulnerability arises from improper handling of ACTION_SENDTO intents, allowing attackers to send messages on behalf of users without interaction or permissions. This silent message transmission can target arbitrary receivers, posing a significant risk to user privacy and security. The flaw is linked to CWE-345, indicating insufficient verification of data authenticity. A public proof-of-concept exploit is available on GitHub, highlighting the potential for active exploitation. The vulnerability was published on October 27, 2025, and remains a concern for users of affected Wear OS devices. Security professionals are advised to monitor for updates and potential mitigations.
Key Points: • CVE-2025-12080 allows silent message sending from compromised Wear OS devices. • Attackers can exploit this vulnerability without user interaction or permissions. • A public proof-of-concept exploit is available, increasing the risk of active exploitation.