OPPO Clone Phone Weak WiFi Hotspot Exposes Sensitive Data

A critical security vulnerability has been discovered in OPPO’s Clone Phone feature that could expose sensitive user data through inadequately secured WiFi hotspots. 

The vulnerability, designated CVE-2025-27387, affects ColorOS 15.0.2 and earlier versions, presenting a high-severity risk with a CVSS score of 7.4 out of 10. 

Security researcher FlorianDraschbache identified this flaw in May 2025, prompting immediate attention from cybersecurity communities worldwide.

Summary
1. OPPO Clone Phone feature contains a high-severity security flaw (CVE-2025-27387) that exposes sensitive user data during file transfers.
2. The vulnerability stems from inadequate WPA passphrase protection on WiFi hotspots, allowing nearby attackers to intercept personal data like contacts, messages, and photos without requiring special access.
3. All ColorOS 15.0.2 and earlier versions are affected, putting millions of OPPO device users at risk of data exposure.
4. No patch timeline has been announced - users should avoid Clone Phone functionality in untrusted environments until updates are released.

Expose Data via Weak Wi-Fi Passphrases

The vulnerability stems from OPPO Clone Phone’s implementation of weak WPA passphrases as the sole security mechanism for file transfer operations. 

According to the GitHub Advisory Database, the flaw is classified under CWE-200 (Information Exposure), indicating improper restriction of information access. 

The technical assessment reveals an attack vector marked as “Adjacent” with low attack complexity, meaning malicious actors within WiFi range can exploit this weakness without requiring special privileges or user interaction.

The CVSS v3.1 base metrics detail the vulnerability’s characteristics: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N. 

This vector indicates adjacent network access (AV:A), low complexity (AC:L), no privileges required (PR:N), no user interaction needed (UI:N), changed scope (S:C), and high confidentiality impact (C:H). 

The vulnerability enables unauthorized information disclosure during file transfer operations between devices using OPPO’s Clone Phone feature. 

When users initiate data migration, the system creates a WiFi hotspot protected only by weak authentication mechanisms, potentially allowing nearby attackers to intercept sensitive personal data, including contacts, messages, photos, and application data.

OPPO published this advisory yesterday, emphasizing the urgency of addressing this security gap. 

The high confidentiality impact rating indicates that successful exploitation could result in complete exposure of transferred information. 

Organizations and individual users relying on OPPO devices for sensitive data management face significant privacy risks, particularly in environments with multiple WiFi-enabled devices.

While specific patch timelines remain undisclosed, users should avoid using Clone Phone functionality in untrusted environments until security updates are released.

The GHSA ID GHSA-5fm5-q6q3-865x has been assigned for tracking purposes within GitHub’s security advisory system. 

Users operating ColorOS 15.0.2 and below should monitor official OPPO security bulletins for firmware updates addressing this vulnerability and consider alternative secure file transfer methods for sensitive data migration.

Are you from SOC/DFIR Teams! - Interact with malware in the sandbox and find related IOCs. - Request 14-day free trial