CVE-2025-27599
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-27599
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27599.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-27599
- Aliases
-
- GHSA-m5px-pwq3-4p5m
- Published
- 2025-04-18T16:15:20Z
- Modified
- 2025-05-28T10:42:41.627835Z
- Summary
- [none]
- Details
-
Element X Android is a Matrix Android Client provided by element.io. Prior to version 25.04.2, a crafted hyperlink on a webpage, or a locally installed malicious app, can force Element X up to version 25.04.1 to load a webpage with similar permissions to Element Call and automatically grant it temporary access to microphone and camera. This issue has been patched in version 25.04.2.
- References
Affected packages
Git / github.com/element-hq/element-x-android
Affected ranges
- Type
- GIT
- Repo
- https://github.com/element-hq/element-x-android
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
0.*
0.1.0
v0.*
v0.1.2
v0.1.4
v0.1.5
v0.1.6
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.2.4
v0.3.0
v0.3.1
v0.3.2
v0.4.0
v0.4.1
v0.4.10
v0.4.12
v0.4.13
v0.4.14
v0.4.15
v0.4.16
v0.4.2
v0.4.3
v0.4.4
v0.4.5
v0.4.6
v0.4.7
v0.4.8
v0.4.9
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.6.0
v0.6.1
v0.6.2
v0.6.3
v0.6.4
v0.6.5
v0.7.0
v0.7.1
v0.7.2
v0.7.3
v0.7.4
v0.7.5
v0.7.6
v25.*
v25.02.0
v25.03.0
v25.03.1
v25.03.2
v25.03.3
v25.03.4
v25.04.0
v25.04.1