Home > Vulnerability Database > CVE-2025-27606

Mend.io Vulnerability Database

CVE-2025-27606

Date: March 14, 2025

Element Android is an Android Matrix Client provided by Element. Element Android up to version 1.6.32 can, under certain circumstances, fail to logout the user if they input the wrong PIN more than the configured amount of times. An attacker with physical access to a device can exploit this to guess the PIN. Version 1.6.34 solves the issue.

Severity Score

5.1

Related Resources (5)

Url: https://github.com/element-hq/element-android/security/advisories/GHSA-632v-9pm3-m8ch

Url: https://github.com/element-hq/element-android/commit/53bd78b05de375c6e6b0b5aa794a56b4ba95984c

Url: https://github.com/element-hq/element-android/commit/87d7fcdc8036a4db4da8c403f87c73a64a546304

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-27606

Url: https://www.mend.io/vulnerability-database/CVE-2025-27606

Severity Score

5.1

Weakness Type (CWE)

Exposure of Data Element to Wrong Session

CWE-488

CVSS v3.1

Base Score:	5.1
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-27606

Date: March 14, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?