Description

Element Android is an Android Matrix Client provided by Element. Element Android up to version 1.6.32 can, under certain circumstances, fail to logout the user if they input the wrong PIN more than the configured amount of times. An attacker with physical access to a device can exploit this to guess the PIN. Version 1.6.34 solves the issue.

INFO

Published Date :

2025-03-14T16:56:23.217Z

Last Modified :

2025-03-14T18:11:03.936Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-27606 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-27606.

URL Resource
https://github.com/element-hq/element-android/commit/53bd78b05de375c6e6b0b5aa794a56b4ba95984c cve-icon cve-icon
https://github.com/element-hq/element-android/commit/87d7fcdc8036a4db4da8c403f87c73a64a546304 cve-icon cve-icon
https://github.com/element-hq/element-android/security/advisories/GHSA-632v-9pm3-m8ch cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact