VYPR
Medium severity6.5OSV Advisory· Published Apr 18, 2025· Updated Apr 15, 2026

CVE-2025-27599

CVE-2025-27599

Description

Element X Android is a Matrix Android Client provided by element.io. Prior to version 25.04.2, a crafted hyperlink on a webpage, or a locally installed malicious app, can force Element X up to version 25.04.1 to load a webpage with similar permissions to Element Call and automatically grant it temporary access to microphone and camera. This issue has been patched in version 25.04.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • v0.4.10, v0.4.12, v0.4.13, …+ 1 more
    • (no CPE)range: v0.4.10, v0.4.12, v0.4.13, …
    • (no CPE)range: <=25.04.1

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.