A critical security vulnerability affecting OnePlus smartphones running OxygenOS versions 12 to 15 has been identified, allowing malicious apps to read and send SMS messages without user permission. Tracked as CVE-2025-10184, this flaw risks exposing sensitive information, including two-factor authentication codes, impacting millions of devices. Following the disclosure by cybersecurity firm Rapid7, OnePlus acknowledged the issue and announced plans for a global software update to resolve it by mid-October. Until then, users are urged to install only trusted apps and utilize encrypted messaging platforms for sensitive communications. This incident underscores the ongoing security challenges faced by Android device manufacturers, particularly those that customize the operating system, emphasizing the need for robust security protocols in safeguarding user data.