CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27599 – Element X Android vulnerable to loading malicious web pages via received intent
https://notcve.org/view.php?id=CVE-2025-27599
18 Apr 2025 — Element X Android is a Matrix Android Client provided by element.io. Prior to version 25.04.2, a crafted hyperlink on a webpage, or a locally installed malicious app, can force Element X up to version 25.04.1 to load a webpage with similar permissions to Element Call and automatically grant it temporary access to microphone and camera. This issue has been patched in version 25.04.2. Element X Android es un cliente Matrix para Android proporcionado por element.io. Antes de la versión 25.04.2, un hipervínculo... • https://github.com/element-hq/element-x-android/commit/dc058544d7e693c04298191c1aadd5b39c9be52e • CWE-20: Improper Input Validation CWE-926: Improper Export of Android Application Components •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31127 – Element X Android allows the entity in control of the well-known file to break the confidentiality embedded Element Call
https://notcve.org/view.php?id=CVE-2025-31127
03 Apr 2025 — Element X Android is a Matrix Android Client provided by element.io. In Element X Android versions between 0.4.16 and 25.03.3, the entity in control of the element.json well-known file is able, under certain conditions, to get access to the media encryption keys used for an Element Call call. This vulnerability is fixed in 25.03.4. Element X Android es un cliente Matrix para Android proporcionado por element.io. En las versiones de Element X para Android entre la 0.4.16 y la 25.03.3, la entidad que controla... • https://github.com/element-hq/element-meta/issues/2441 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •