Improper multimedia file attachment validation in Telegram for Android app
Description
The EvilVideo vulnerability allows sending malicious apps disguised as videos in the Telegram for Android application, affecting versions 10.14.4 and older.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
EvilVideo (CVE-2024-7014) lets attackers disguise malicious Android payloads as videos in Telegram for Android versions 10.14.4 and older, enabling stealthy malware distribution.
Vulnerability
CVE-2024-7014 (dubbed EvilVideo) is a zero-day vulnerability in Telegram for Android versions 10.14.4 and older. The bug allows an attacker to craft a malicious Android payload that, when shared via Telegram channels, groups, or chats, is displayed to recipients as a video file instead of a normal application or APK. This misrepresentation bypasses the user's typical caution toward unknown executable files [1].
Exploitation
To exploit EvilVideo, an attacker needs only the ability to send a message to a Telegram chat, group, or channel. No special network position or authentication beyond a standard Telegram account is required. The attacker crafts a special payload (likely using modified MIME types or manifest data) that the Telegram client incorrectly identifies as a video. When the targeted user taps the seemingly innocuous video thumbnail, Telegram may attempt to play the file, inadvertently executing the malicious payload instead of launching a video player. The exploit was offered for sale on an underground forum in June 2024, and researchers confirmed a working sample [1].
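As an added defensive illustration (not Telegram's code and not part of this record), the check below ignores an attachment's declared type and sniffs its leading bytes and ZIP contents, so that an Android package presented as a video is flagged before a client renders it as one; the MIME-to-container table and the sample files are constructed assumptions, not values from the page.

```python
import io
import zipfile

# Constructed sample inputs (not real Telegram traffic): a minimal MP4 header
# and a ZIP shaped like an APK (manifest plus a dex entry).
MP4_SAMPLE = b"\x00\x00\x00\x18ftypisom\x00\x00\x02\x00isomiso2mp41"

def build_fake_apk() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        z.writestr("classes.dex", b"dex\n035\x00")
    return buf.getvalue()

def sniff_container(data: bytes) -> str:
    """Identify the container from leading bytes, ignoring any declared type."""
    if len(data) >= 12 and data[4:8] == b"ftyp":
        return "mp4"        # ISO BMFF (MP4/3GP/MOV) opens with an ftyp box
    if data[:4] == b"\x1a\x45\xdf\xa3":
        return "matroska"   # EBML header shared by MKV and WebM
    if data[:4] == b"PK\x03\x04":
        return "zip"        # ZIP local file header; every APK is a ZIP
    return "unknown"

def zip_is_apk(data: bytes) -> bool:
    """An APK is a ZIP carrying AndroidManifest.xml and at least one .dex."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = set(z.namelist())
    except zipfile.BadZipFile:
        return False
    return "AndroidManifest.xml" in names and any(n.endswith(".dex") for n in names)

# Assumed table: declared video MIME types and the container each must carry.
VIDEO_CONTAINER = {
    "video/mp4": "mp4", "video/3gpp": "mp4", "video/quicktime": "mp4",
    "video/webm": "matroska", "video/x-matroska": "matroska",
}

def classify_attachment(declared_mime: str, data: bytes) -> str:
    """Return 'ok', 'mismatch', or 'apk_disguised_as_video' for a declared video."""
    if not declared_mime.startswith("video/"):
        return "ok"         # only the video-vs-package confusion is checked here
    container = sniff_container(data)
    if container == "zip" and zip_is_apk(data):
        return "apk_disguised_as_video"
    return "ok" if container == VIDEO_CONTAINER.get(declared_mime) else "mismatch"

if __name__ == "__main__":
    print(classify_attachment("video/mp4", MP4_SAMPLE))        # ok
    print(classify_attachment("video/mp4", build_fake_apk()))  # apk_disguised_as_video
```

A client that refuses to show a video thumbnail for anything other than "ok" removes the mismatch the narrative above describes, whatever metadata the sender supplied.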
Impact
Successful exploitation results in the victim unknowingly installing a malicious Android application on their device. The attacker gains the ability to execute arbitrary code within the context of the installed app, potentially leading to data theft, spyware installation, or other malware activities. The full confidentiality, integrity, and availability impact depends on the payload, but the vulnerability enables stealthy delivery by bypassing the user's suspicion of unknown APK files [1].
Mitigation
Telegram addressed CVE-2024-7014 in version 10.14.5, released on July 11, 2024, after ESET reported the vulnerability on June 26, 2024. Users must update to this version or later from Google Play or the official Telegram website. No workaround exists for unpatched versions. The vulnerability is not currently listed on the CISA KEV catalog. Systems unable to upgrade (e.g., devices no longer supported by Telegram) remain vulnerable [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=10.14.4
- Android/Telegram for Android v5, Range: 0
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context is available for this CVE. Mechanics are only generated when we can read the actual fix diff; without it, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
News mentions
No linked articles in our index yet.