Approved changes feed: RSS · Atom

cpe:2.3:a:element-hq:element-x-android:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorElement Hq (3b16b3ba-f167-5a48-b62a-dc4536b16c63)
ProductElement X Android (2b67ebf1-7655-5285-b7bc-0044d804fba5)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-31127 vulnerable 2026-06-08 07:17:02.446095 Element X Android allows the entity in control of the well-known file to break the confidentiality embedded Element Call
MEDIUM (5.3)
Element X Android is a Matrix Android Client provided by element.io. In Element X Android versions between 0.4.16 and 25.03.3, the entity in control of the element.json well-known file is able, under certain conditions, to get access to the media encryption keys used for an Element Call call. This vulnerability is fixed in 25.03.4.
Published: 2025-04-03T17:54:22.695Z
Updated: 2025-04-07T18:24:45.777Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-27599 vulnerable 2026-06-08 07:14:55.352569 Element X Android vulnerable to loading malicious web pages via received intent
MEDIUM (6.5)
Element X Android is a Matrix Android Client provided by element.io. Prior to version 25.04.2, a crafted hyperlink on a webpage, or a locally installed malicious app, can force Element X up to version 25.04.1 to load a webpage with similar permissions to Element Call and automatically grant it temporary access to microphone and camera. This issue has been patched in version 25.04.2.
Published: 2025-04-18T15:49:11.899Z
Updated: 2025-04-18T16:06:04.952Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.