Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-31126

Element X iOS is a Matrix iOS Client provided by Element. In Element X iOS version between 1.6.13 and 25.03.7, the entity in control of the element.json well-known file is able, under certain conditions, to get access to the media encryption keys used for an Element Call call. This vulnerability is fixed in 25.03.8.

Published

2025-04-03T18:15:45.803

Last Modified

2025-04-07T14:18:34.453

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-200

Affected Vendors & Products

References

https://github.com/element-hq/element-meta/issues/2441 ([email protected])
https://github.com/element-hq/element-x-ios/security/advisories/GHSA-69qf-p24v-rf8j ([email protected])