Search
Find a vulnerability
Search criteria
2 vulnerabilities found for element-x-ios by element-hq
CVE-2025-31126 (GCVE-0-2025-31126)
Vulnerability from nvd – Published: 2025-04-03 17:54 – Updated: 2025-04-07 18:24
VLAI
Title
Element X iOS allows the entity in control of the well-known file to break the confidentiality of embedded Element Call
Summary
Element X iOS is a Matrix iOS Client provided by Element. In Element X iOS version between 1.6.13 and 25.03.7, the entity in control of the element.json well-known file is able, under certain conditions, to get access to the media encryption keys used for an Element Call call. This vulnerability is fixed in 25.03.8.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/element-hq/element-x-ios/secur… | x_refsource_CONFIRM |
| https://github.com/element-hq/element-meta/issues/2441 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| element-hq | element-x-ios |
Affected:
>= 1.6.13, < 25.03.8
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31126",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T18:23:56.839530Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T18:24:07.364Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "element-x-ios",
"vendor": "element-hq",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.6.13, \u003c 25.03.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Element X iOS is a Matrix iOS Client provided by Element. In Element X iOS version between 1.6.13 and 25.03.7, the entity in control of the element.json well-known file is able, under certain conditions, to get access to the media encryption keys used for an Element Call call. This vulnerability is fixed in 25.03.8."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T17:54:27.901Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/element-hq/element-x-ios/security/advisories/GHSA-69qf-p24v-rf8j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/element-hq/element-x-ios/security/advisories/GHSA-69qf-p24v-rf8j"
},
{
"name": "https://github.com/element-hq/element-meta/issues/2441",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/element-hq/element-meta/issues/2441"
}
],
"source": {
"advisory": "GHSA-69qf-p24v-rf8j",
"discovery": "UNKNOWN"
},
"title": "Element X iOS allows the entity in control of the well-known file to break the confidentiality of embedded Element Call"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-31126",
"datePublished": "2025-04-03T17:54:27.901Z",
"dateReserved": "2025-03-26T15:04:52.626Z",
"dateUpdated": "2025-04-07T18:24:07.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-31126 (GCVE-0-2025-31126)
Vulnerability from cvelistv5 – Published: 2025-04-03 17:54 – Updated: 2025-04-07 18:24
VLAI
Title
Element X iOS allows the entity in control of the well-known file to break the confidentiality of embedded Element Call
Summary
Element X iOS is a Matrix iOS Client provided by Element. In Element X iOS version between 1.6.13 and 25.03.7, the entity in control of the element.json well-known file is able, under certain conditions, to get access to the media encryption keys used for an Element Call call. This vulnerability is fixed in 25.03.8.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/element-hq/element-x-ios/secur… | x_refsource_CONFIRM |
| https://github.com/element-hq/element-meta/issues/2441 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| element-hq | element-x-ios |
Affected:
>= 1.6.13, < 25.03.8
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31126",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T18:23:56.839530Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T18:24:07.364Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "element-x-ios",
"vendor": "element-hq",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.6.13, \u003c 25.03.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Element X iOS is a Matrix iOS Client provided by Element. In Element X iOS version between 1.6.13 and 25.03.7, the entity in control of the element.json well-known file is able, under certain conditions, to get access to the media encryption keys used for an Element Call call. This vulnerability is fixed in 25.03.8."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T17:54:27.901Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/element-hq/element-x-ios/security/advisories/GHSA-69qf-p24v-rf8j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/element-hq/element-x-ios/security/advisories/GHSA-69qf-p24v-rf8j"
},
{
"name": "https://github.com/element-hq/element-meta/issues/2441",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/element-hq/element-meta/issues/2441"
}
],
"source": {
"advisory": "GHSA-69qf-p24v-rf8j",
"discovery": "UNKNOWN"
},
"title": "Element X iOS allows the entity in control of the well-known file to break the confidentiality of embedded Element Call"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-31126",
"datePublished": "2025-04-03T17:54:27.901Z",
"dateReserved": "2025-03-26T15:04:52.626Z",
"dateUpdated": "2025-04-07T18:24:07.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}