A significant security vulnerability has been identified in OPPO’s Clone Phone feature, potentially exposing sensitive user data through inadequately secured Wi-Fi hotspots. This flaw, designated as CVE-2025-27387, affects ColorOS versions 15.0.2 and earlier, carrying a high-severity risk with a Common Vulnerability Scoring System (CVSS) score of 7.4 out of 10. Security researcher Florian Draschbache discovered this issue in May 2025, prompting immediate attention from the cybersecurity community.
Understanding the Vulnerability
The core of this vulnerability lies in the Clone Phone application’s use of weak WPA passphrases as the sole security measure during file transfer operations. When users initiate data migration between devices, the system establishes a Wi-Fi hotspot protected only by these insufficient authentication mechanisms. This setup potentially allows nearby attackers to intercept sensitive personal data, including contacts, messages, photos, and application data, without requiring special privileges or user interaction.
The GitHub Advisory Database classifies this flaw under CWE-200 (Information Exposure), indicating improper restriction of information access. The technical assessment reveals an attack vector marked as Adjacent with low attack complexity, meaning malicious actors within Wi-Fi range can exploit this weakness without requiring special privileges or user interaction.
Technical Details
The CVSS v3.1 base metrics detail the vulnerability’s characteristics as follows:
– Attack Vector (AV): Adjacent (AV:A)
– Attack Complexity (AC): Low (AC:L)
– Privileges Required (PR): None (PR:N)
– User Interaction (UI): None (UI:N)
– Scope (S): Changed (S:C)
– Confidentiality Impact (C): High (C:H)
– Integrity Impact (I): None (I:N)
– Availability Impact (A): None (A:N)
This vector indicates that the vulnerability enables unauthorized information disclosure during file transfer operations between devices using OPPO’s Clone Phone feature. The high confidentiality impact rating suggests that successful exploitation could result in complete exposure of transferred information.
Implications for Users
Users operating devices with ColorOS 15.0.2 and earlier versions are at significant risk. The vulnerability’s characteristics mean that attackers within Wi-Fi range can exploit this flaw without requiring special privileges or user interaction. This situation poses a substantial threat to user privacy, especially in environments with multiple Wi-Fi-enabled devices.
Recommendations for Users
While specific patch timelines remain undisclosed, users should take the following precautions:
1. Avoid Using Clone Phone in Untrusted Environments: Until security updates are released, refrain from using the Clone Phone feature in public or untrusted Wi-Fi environments.
2. Monitor Official OPPO Security Bulletins: Stay informed about firmware updates addressing this vulnerability by regularly checking OPPO’s official security advisories.
3. Consider Alternative Secure File Transfer Methods: Utilize other secure methods for data migration to ensure the safety of sensitive information.
Broader Context
This vulnerability highlights the critical importance of robust security measures in device functionalities that handle sensitive user data. It also underscores the need for manufacturers to implement strong encryption protocols and secure authentication mechanisms to protect user information.
Conclusion
The discovery of CVE-2025-27387 in OPPO’s Clone Phone feature serves as a stark reminder of the potential risks associated with inadequate security measures in data transfer applications. Users are advised to exercise caution and follow recommended practices to safeguard their personal information until a security patch is made available.
