Wear OS Bug Lets Apps Send Texts Without Permission
A newly disclosed vulnerability in Google Messages for Wear OS allows unprivileged apps to send SMS and RCS messages without user permission, raising concerns over unauthorized communications. The flaw, tracked as CVE-2025-12080 and rated 6.9 under CVSS v4, was discovered by security researcher Gabriele Digregorio. A proof-of-concept exploit is already available, highlighting the ease with which attackers could abuse this Wear OS bug that lets apps bypass permission safeguards.
This issue affects all installed applications, regardless of their permission status, enabling them to send messages directly through the system’s messaging service. The vulnerability has been officially listed in the CVE database and is one of several recent security concerns affecting Wear OS. The same disclosure also referenced CVE-2025-11371, CVE-2025-54236, CVE-2025-54253 and CVE-2025-27915, underscoring a broader set of risks.
To learn more about the Wear OS bug that lets apps send unauthorized messages, read the full article at: