CVE-2025-27599

6.5

Medium

CVE-2025-27599

18 Apr 2025

security-advisories@github.com

Awaiting Analysis

Description

Element X Android is a Matrix Android Client provided by element.io. Prior to version 25.04.2, a crafted hyperlink on a webpage, or a locally installed malicious app, can force Element X up to version 25.04.1 to load a webpage with similar permissions to Element Call and automatically grant it temporary access to microphone and camera. This issue has been patched in version 25.04.2.

Exploits

No known exploits found for this CVE.

Search Exploit-DB

References

security-advisories@github.com

https://github.com/element-hq/element-x-android/commit/dc058544d7e693c04298191c1aadd5b39c9be52e

security-advisories@github.com

https://github.com/element-hq/element-x-android/releases/tag/v25.04.2

security-advisories@github.com

https://github.com/element-hq/element-x-android/security/advisories/GHSA-m5px-pwq3-4p5m