CVE - CVE-2025-27599

CVE-ID
CVE-2025-27599	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Element X Android is a Matrix Android Client provided by element.io. Prior to version 25.04.2, a crafted hyperlink on a webpage, or a locally installed malicious app, can force Element X up to version 25.04.1 to load a webpage with similar permissions to Element Call and automatically grant it temporary access to microphone and camera. This issue has been patched in version 25.04.2.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://github.com/element-hq/element-x-android/commit/dc058544d7e693c04298191c1aadd5b39c9be52e URL:https://github.com/element-hq/element-x-android/commit/dc058544d7e693c04298191c1aadd5b39c9be52e MISC:https://github.com/element-hq/element-x-android/releases/tag/v25.04.2 URL:https://github.com/element-hq/element-x-android/releases/tag/v25.04.2 MISC:https://github.com/element-hq/element-x-android/security/advisories/GHSA-m5px-pwq3-4p5m URL:https://github.com/element-hq/element-x-android/security/advisories/GHSA-m5px-pwq3-4p5m
Assigning CNA
GitHub (maintainer security advisories)
Date Record Created
20250303	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20250303)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)