Core Viewpoint - A critical security vulnerability has been discovered in OnePlus smartphones, allowing unauthorized access to SMS and MMS without user consent, with no response from OnePlus regarding the issue [1][4]. Group 1: Vulnerability Details - The vulnerability is identified as CVE-2025-10184, with a CVSS score of 8.2/10, stemming from a flaw in the internal component com.oneplus.provider.telephony [4]. - Multiple versions of OxygenOS are affected, specifically versions 12 to 15, while OxygenOS 11 is not impacted [1][4]. - The vulnerability allows malicious applications to silently access and transmit SMS and MMS data to external servers without user interaction or notification [4]. Group 2: Response from OnePlus - RAPID7 attempted to contact OnePlus for feedback starting May 1, 2025, but received no response after multiple attempts, including contacting customer service and reaching out via social media [5]. - The lack of communication from OnePlus led RAPID7 to publicly disclose the vulnerability and provide exploit code as a last resort to prompt a fix [5].