CVERadar

CVE-2024-7014

Medium Severity
SVRS: 36/100
CVSSv3: NA/10
EPSS: 0.28011/1

CVE-2024-7014: The EvilVideo vulnerability affects Telegram for Android, allowing attackers to send malicious apps disguised as video files to users on versions 10.14.4 and older. While the CVSS score is 0, indicating no base severity, the SOCRadar Vulnerability Risk Score (SVRS) of 36 suggests a moderate level of risk. This discrepancy highlights the importance of considering real-world threat intelligence. The vulnerability exists due to improper input validation (CWE-20) when processing video files within the Telegram application. Attackers can leverage this flaw to trick users into installing harmful applications. The exploit is currently 'In The Wild' and 'Exploit Available', increasing the risk of active exploitation. Organizations using Telegram on Android devices should urgently update to the latest version to mitigate this risk.

In The Wild
Exploit Available
2024-07-23

2024-07-24

Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
absholi7ly/PoC-for-CVE-2024-7014-Exploit | https://github.com/absholi7ly/PoC-for-CVE-2024-7014-Exploit | 2025-03-16

News

Telegram EvilVideo Vulnerability Exploited to Run Malicious Code on Victims’ Devices
Divya, 2025-03-05
A newly documented exploitation technique targeting Telegram’s file-sharing infrastructure has raised alarms in cybersecurity circles. Dubbed “EvilVideo,” this attack vector leverages a vulnerability (CVE-2024-7014) in how Telegram processes multimedia content, enabling attackers to disguise malicious HTML files as video files. When unsuspecting users attempt to open these files, embedded JavaScript code executes, enabling IP logging, […] The post Telegram EvilVideo Vulnerability Exploited to Run Malicious Code on
gbhackers.com
CVE-2024-7014 | Telegram App up to 10.14.4 on Android Video EvilVideo input validation
vuldb.com, 2024-07-23
A vulnerability, which was classified as critical, has been found in Telegram App up to 10.14.4 on Android. This issue affects some unknown processing of the component Video Handler. The manipulation leads to improper input validation. The identification of this vulnerability is CVE-2024-7014. The attack may be initiated

Social Media

Actively exploited CVE : CVE-2024-7014
@0x6rss Tested myself. At first I thought it only applied to the older version of TG affected by CVE-2024-7014, but it worked in an emulated Android instance of latest TG version for me a week or so ago. Only normies would fall for it though cause they click on anything.
The CVE-2024-7014 vulnerability, nicknamed "EvilVideo", allows attackers to send malicious applications disguised as videos via Telegram for Android, affecting versions 10.14.4 and earlier. #Security #vulnerability #Telegram #Android
Exploiting the EvilVideo vulnerability on Telegram for Android : https://t.co/4TRxor4EAB credits @LukasStefanko CVE-2024-7014 Return : Updated Evilloader : https://t.co/3XfT6Jrghn telegram-video-extension-manipulation-PoC : https://t.co/DVNoMuxqgp credits @0x6rss https://t.co/DULU2u2iR2
Currently, there is still a vulnerability in Telegram that has similarities to CVE-2024-7014, related to ".htm" files that are camouflaged as videos and sent through the Telegram API or via a bot. Although the file appears to be a video, what https://t.co/PQJJW6HZFM
Today was published on Telegram channel demo of exploiting new #EvilVideo vulnerability affecting Telegram for Android (CVE-2024-7014). The video was recorded on January 18, 2025. https://t.co/s9DAJ0pnME
@0x6rss @g0njxa Nice hack, but CVE-2024-7014 is already patched
In the latest version of G-700 Android RAT was allegedly added exploitation of the #EvilVideo Telegram vulnerability (CVE-2024-7014) The exploit allows sending malicious APK files disguised as video EvilVideo: https://t.co/fb9FmhGhMt G-700 RAT: https://t.co/c6zDJUnvms https://t.co/qZPLL0hFt5
CVE-2024-7014 EvilVideo vulnerability allows sending malicious apps disguised as videos in Telegram for Android application affecting versions 10.14.4 and older. https://t.co/E6CXqweDRK

Affected Software

No affected software found for this CVE

References

Reference | Link
[email protected] | https://www.welivesecurity.com/en/eset-research/cursed-tapes-exploiting-evilvideo-vulnerability-telegram-android/

CWE Details

CWE ID | CWE Name | Description
CWE-20 | Improper Input Validation | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
