cvedb.io
CVE-2025-27599
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2025-04-18T16:15:20.480 · Last modified 2026-06-17T09:03:53.367

Summary

Element X Android is a Matrix Android Client provided by element.io. Prior to version 25.04.2, a crafted hyperlink on a webpage, or a locally installed malicious app, can force Element X up to version 25.04.1 to load a webpage with similar permissions to Element Call and automatically grant it temporary access to microphone and camera. This issue has been patched in version 25.04.2.

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.