CVE-2025-27599

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Element X Android versions prior to 25.04.2

Description A crafted hyperlink on a webpage or a locally installed malicious app can force Element X to load a webpage with similar permissions to Element Call, automatically granting it temporary access to the microphone and camera.

Recommendations For versions prior to 25.04.2, update to version 25.04.2 to resolve the issue.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-926

Related Identifiers

CVE-2025-27599

GHSA-M5PX-PWQ3-4P5M

Affected Products

Element

CVE-2025-27599

Weakness Enumeration

Related Identifiers

Affected Products

References · 9