Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Notices by usd AG (usdag@infosec.exchange)

Embed this notice
usd AG (usdag@infosec.exchange)'s status on Saturday, 10-May-2025 21:54:33 JST usd AG

We have found an interesting vulnerability in a #Matrix #Android client:
🧩 Software: #Element X Android
📦 Affected Version: <= 25.04.1
🆔 CVE: CVE-2025-27599
📊 CVSSv3.1: MEDIUM
⚠️ Prerequisites: Clicking on a crafted hyperlink or using a malicious app
Since Element X Android usually has the permission to access camera and microphone, this can be used to record audio and video from the victim. Pretty bad! 😨
🔗 Read more: https://herolab.usd.de/security-advisories/usd-2025-0010/
#InfoSec #CyberSecurity #Pentesting #Hacking #CVE_2025_27599 #SpyWare #Phishing
In conversation about 2 days ago from infosec.exchange permalink
Attachments
1. A screenshot of Burp Suite in the background and a pixelated video of the simulated victim.
  https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/478/189/056/745/750/original/07be07cad33db813.png
2. Domain not in remote thumbnail source whitelist: herolab.usd.de
  
  usd-2025-0010
  
  from lukasschraven
  
  Advisory ID: usd-2025-0010 | Product: Element X Android | Vulnerability Type: Improper Export of Android Application Components (CWE-926)

User actions

We protect companies against hackers and criminals. #moresecurity is our mission. Imprint: http://usd.de/en/imprintPrivacy protection: http://usd.de/en/privacy-protection

Tags

(None)

Following 0

Followers 0

Groups 0

Statistics

User ID: 344902

Member since: 10 May 2025

Notices: 1

Daily average: 0

Feeds

Atom

Public

Notices by usd AG (usdag@infosec.exchange)

User actions

Following 0

Followers 0

Groups 0

Statistics

Feeds