
CVE-2024-7014: High Vulnerability in Telegram

The EvilVideo vulnerability in Telegram allows attackers to send malicious apps disguised as videos on Android, affecting versions 10.14.4 and earlier. Organizations must prioritize mitigation efforts due to the potential high impact on integrity and availability.

HIGH · Public Exploit · CVSS 7.1 · Published July 23, 2024


The EvilVideo vulnerability allows sending malicious apps disguised as videos in the Telegram for Android application, affecting versions 10.14.4 and older. This vulnerability is classified with a high severity level, receiving a CVSS score of 7.1. The potential risk to organizations includes significant impacts on both integrity and availability, making this a pressing issue for security teams.

Given the exploitability of this vulnerability, organizations should prioritize patching immediately. Failure to address this vulnerability could lead to unauthorized access or even complete compromise of affected systems.

The urgency for defenders is critical, especially as attackers may leverage this vulnerability to deliver malicious payloads disguised as legitimate content. As such, organizations must promptly apply updates to mitigate the risk.

This vulnerability has been analyzed, and although it is not listed in the Known Exploited Vulnerabilities (KEV) catalog, an active exploit has been confirmed. Organizations need to be aware of this vulnerability's implications and take appropriate actions.

Vulnerability Details

The EvilVideo vulnerability allows sending malicious apps disguised as videos in the Telegram for Android application, affecting versions 10.14.4 and older. This vulnerability is classified under CWE-20, indicating improper input validation.

The CVSS score of 7.1 categorizes this vulnerability as high severity. The attack vector is network-based, requiring low complexity and low privileges to exploit, with user interaction needed.

The vulnerability impacts confidentiality, integrity, and availability, with high impacts reported on integrity and availability, indicating severe potential damage from successful exploitation.

Technical Analysis

The root cause of the EvilVideo vulnerability stems from improper validation of user input when processing video files within the Telegram application. Attackers can exploit this to deliver malicious applications disguised as legitimate video files.

The attack vector is classified as network-based. Attack complexity is low, and low privileges are required, with user interaction necessary to activate the exploit. The exploitation can lead to high impacts on both integrity and availability.

Risk & Impact Analysis

The deployment of Telegram within organizations presents a significant risk due to the EvilVideo vulnerability. Organizations using affected versions are at high risk of attackers leveraging this vulnerability to deliver malicious payloads.

The potential blast radius is significant as this vulnerability affects a widely used application. As attackers may exploit this vulnerability through social engineering tactics, the urgency for organizations to assess their risk and implement mitigation strategies is paramount.

Organizations should address this vulnerability in their priority patch cycle to prevent exploitation and maintain the integrity of their systems.

Exploitation Status

Signal | Status
Known Exploit | Yes
Public PoC | Yes
Actively Exploited | No
Ransomware Use | No

Affected Versions

The affected versions of the Telegram application are all versions prior to 10.14.5. Users must upgrade to this version or later to mitigate the vulnerability.

Mitigation & Remediation

Organizations should prioritize applying the latest updates to the Telegram application. If a patch is unavailable, consider implementing network controls to limit exposure and restrict the execution of unknown applications. Additionally, users should be trained to recognize potential phishing attempts that may leverage this vulnerability.

For further guidance on application security best practices, organizations can refer to the application security assessment resources.

Detection Guidance

Organizations should monitor logs for indicators of exploitation, such as unusual file types being received via Telegram. Behavioral anomalies related to application execution should also be analyzed to detect any unauthorized access attempts.
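
One way to act on the "unusual file types" guidance above, as an added example that is not AppSecure's or Telegram's code: identify received files by content rather than by name and flag any Android package, especially one named like a video. The directory to scan (for instance, files copied from a device's Telegram download folder), the extension list and the sample files are assumptions constructed for illustration.

```python
import tempfile
import zipfile
from pathlib import Path

# Extensions treated as "claims to be a video" (an assumption of this example).
VIDEO_EXTS = {".mp4", ".mkv", ".mov", ".avi", ".webm", ".3gp"}

def classify(path: Path) -> str:
    """Classify by content: 'apk-as-video', 'apk', or 'ok'."""
    if not zipfile.is_zipfile(path):          # real videos are not ZIP archives
        return "ok"
    try:
        with zipfile.ZipFile(path) as zf:
            # Heuristic: an APK is a ZIP that carries AndroidManifest.xml at its root.
            if "AndroidManifest.xml" not in zf.namelist():
                return "ok"
    except (zipfile.BadZipFile, OSError):
        return "ok"
    return "apk-as-video" if path.suffix.lower() in VIDEO_EXTS else "apk"

def scan(root: Path) -> dict:
    """Map relative file name -> finding for every non-'ok' file under root."""
    findings = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            verdict = classify(p)
            if verdict != "ok":
                findings[str(p.relative_to(root))] = verdict
    return findings

def build_constructed_samples(root: Path) -> None:
    """Write constructed sample files (not real media or real apps)."""
    (root / "clip.mp4").write_bytes(b"\x00\x00\x00\x18ftypmp42" + b"\x00" * 64)
    for name, member in [("holiday.mp4", "AndroidManifest.xml"),
                         ("update.apk", "AndroidManifest.xml"),
                         ("notes.zip", "readme.txt")]:
        with zipfile.ZipFile(root / name, "w") as zf:
            zf.writestr(member, b"constructed placeholder")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_constructed_samples(Path(d))
        for name, verdict in scan(Path(d)).items():
            print(f"{verdict:13} {name}")
```

A finding of `apk-as-video` is the stronger signal; a plain `apk` finding still matters on devices where app packages are not expected to arrive over a messaging app.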

AppSecure Threat Intelligence Insight

The long-term significance of the EvilVideo vulnerability highlights the importance of rigorous input validation within applications. Security teams must learn from this incident to enhance their defensive measures against similar threats in the future.

As mobile applications continue to evolve, the patterns of vulnerabilities will likely follow suit. Organizations should adopt a proactive approach to identify potential weaknesses early. For more information on best practices, refer to our penetration testing methodology and vulnerability management program design resources.

Additionally, organizations are encouraged to keep abreast of emerging threats and vulnerabilities by following our API security best practices blog.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
