A critical vulnerability discovered in Google Messages for Wear OS has exposed millions of smartwatch users to a significant security risk.
Identified as CVE-2025-12080, the flaw allows any installed application to send text messages on behalf of the user without requiring permissions, confirmation, or user interaction.
Security researcher Gabriele Digregorio discovered the vulnerability in March 2025 and was awarded a bounty through Google’s Mobile Vulnerability Reward Program for responsible disclosure.
https://gbhackers.com/google-wear-os-flaw/