CVE-2024-7014

HIGH EXPLOITED

Telegram < 10.14.5 - Malicious App Disguised as Video via EvilVideo Vulnerability

Title source: llm

Exploitation Summary

CVE-2024-7014 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including absholi7ly, hexspectrum1.

AI-analyzed exploit summary: This PoC exploits CVE-2024-7014 (EvilVideo) in Telegram for Android (versions 10.14.4 and earlier) by uploading a malicious file disguised as a video to a Telegram channel. The exploit leverages a vulnerability in Telegram's file handling to potentially install malware or redirect users.

Description

The EvilVideo vulnerability allows malicious apps disguised as videos to be sent in the Telegram for Android application. It affects versions 10.14.4 and older.

Exploits (2)

nomisec WORKING POC 13 stars
by absholi7ly · client-side
https://github.com/absholi7ly/PoC-for-CVE-2024-7014-Exploit

This PoC exploits CVE-2024-7014 (EvilVideo) in Telegram for Android (versions 10.14.4 and earlier) by uploading a malicious file disguised as a video to a Telegram channel. The exploit leverages a vulnerability in Telegram's file handling to potentially install malware or redirect users.

Classification: Working PoC 90%
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: Telegram for Android (versions 10.14.4 and earlier)
Auth required
Prerequisites: Python 3.x · pyTelegramBotAPI library · Telegram bot token · Telegram channel or chat ID with posting permissions · Malicious file and thumbnail image
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 3 stars
by hexspectrum1 · poc
https://github.com/hexspectrum1/CVE-2024-7014

This PoC exploits CVE-2024-7014 by sending a malicious HTML file disguised as a video to a Telegram chat, leveraging Telegram's file handling to potentially trigger an XSS or other client-side vulnerability.

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Telegram (specific version not specified)
Auth required
Prerequisites: Valid Telegram bot token · Valid Telegram chat ID
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 8.1
EPSS 0.0127
EPSS Percentile 65.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

VulnCheck KEV 2024-07-22
CWE CWE-20
Status published
Products (1)
telegram/telegram < 10.14.5
Published Jul 23, 2024
Tracked Since Feb 18, 2026