CVE-2025-31126

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-31126
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-31126.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-31126
Aliases
  • GHSA-69qf-p24v-rf8j
Published
2025-04-03T17:54:27.901Z
Modified
2025-12-02T08:13:09.404228Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Element X iOS allows the entity in control of the well-known file to break the confidentiality of embedded Element Call
Details

Element X iOS is a Matrix iOS Client provided by Element. In Element X iOS version between 1.6.13 and 25.03.7, the entity in control of the element.json well-known file is able, under certain conditions, to get access to the media encryption keys used for an Element Call call. This vulnerability is fixed in 25.03.8.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/31xxx/CVE-2025-31126.json",
    "cwe_ids": [
        "CWE-200"
    ]
}
References

Affected packages

Git / github.com/element-hq/element-x-ios

Affected ranges

Type
GIT
Repo
https://github.com/element-hq/element-x-ios
Events
Introduced
7da720ccceb9435c972dcf5877f55ca759ff5c85
Fixed
0586c2cf549043330d500e1cefdb2487a2e58d00
Database specific 
{
    "versions": [
        {
            "introduced": "1.6.13"
        },
        {
            "fixed": "25.03.8"
        }
    ]
}

Affected versions

1.*

1.6.13
1.7.0
1.7.1
1.7.2
1.7.3
1.7.4
1.7.5
1.8.0
1.8.1
1.8.2
1.8.3
1.8.4
1.8.5
1.8.6
1.9.0
1.9.1
1.9.10
1.9.2
1.9.3
1.9.4
1.9.5
1.9.6
1.9.7
1.9.8
1.9.9

25.*

25.02.0
25.03.0
25.03.1
25.03.2

nightly/1.*

nightly/1.6.14.641
nightly/1.6.14.642
nightly/1.6.14.643
nightly/1.6.14.644
nightly/1.6.14.645
nightly/1.6.14.646
nightly/1.6.14.647
nightly/1.6.14.649
nightly/1.6.14.650
nightly/1.6.14.651
nightly/1.6.14.652
nightly/1.6.14.653
nightly/1.6.14.654
nightly/1.6.14.655
nightly/1.6.14.656
nightly/1.6.14.657
nightly/1.7.1.658
nightly/1.7.1.659
nightly/1.7.1.660
nightly/1.7.1.661
nightly/1.7.1.662
nightly/1.7.1.663
nightly/1.7.2.664
nightly/1.7.2.665
nightly/1.7.3.666
nightly/1.7.3.667
nightly/1.7.3.668
nightly/1.7.3.669
nightly/1.7.3.670
nightly/1.7.3.671
nightly/1.7.3.672
nightly/1.7.3.673
nightly/1.7.3.674
nightly/1.7.3.675
nightly/1.7.3.676
nightly/1.7.3.679
nightly/1.7.4.680
nightly/1.7.4.681
nightly/1.7.4.682
nightly/1.7.4.683
nightly/1.7.4.684
nightly/1.7.4.685
nightly/1.7.4.686
nightly/1.7.4.687
nightly/1.7.4.688
nightly/1.7.4.689
nightly/1.7.4.690
nightly/1.7.5.691
nightly/1.7.5.692
nightly/1.7.5.693
nightly/1.7.5.694
nightly/1.7.5.695
nightly/1.7.5.697
nightly/1.7.5.698
nightly/1.7.5.699
nightly/1.7.6.700
nightly/1.7.6.701
nightly/1.7.6.702
nightly/1.7.6.703
nightly/1.7.6.704
nightly/1.8.1.705
nightly/1.8.1.706
nightly/1.8.2.707
nightly/1.8.2.708
nightly/1.8.2.709
nightly/1.8.3.710
nightly/1.8.4.711
nightly/1.8.4.712
nightly/1.8.4.713
nightly/1.8.4.714
nightly/1.8.4.715
nightly/1.8.5.716
nightly/1.8.5.717
nightly/1.8.5.718
nightly/1.8.5.721
nightly/1.8.5.722
nightly/1.8.5.723
nightly/1.8.5.724
nightly/1.8.5.725
nightly/1.8.5.726
nightly/1.8.5.727
nightly/1.8.6.728
nightly/1.8.6.729
nightly/1.9.1.730
nightly/1.9.1.732
nightly/1.9.10.782
nightly/1.9.10.783
nightly/1.9.10.784
nightly/1.9.10.785
nightly/1.9.10.786
nightly/1.9.10.787
nightly/1.9.10.788
nightly/1.9.10.789
nightly/1.9.10.790
nightly/1.9.10.791
nightly/1.9.11.792
nightly/1.9.11.793
nightly/1.9.11.795
nightly/1.9.11.796
nightly/1.9.11.807
nightly/1.9.11.808
nightly/1.9.11.809
nightly/1.9.11.810
nightly/1.9.11.811
nightly/1.9.11.812
nightly/1.9.11.813
nightly/1.9.11.814
nightly/1.9.11.815
nightly/1.9.11.816
nightly/1.9.11.817
nightly/1.9.11.818
nightly/1.9.11.819
nightly/1.9.11.820
nightly/1.9.11.821
nightly/1.9.11.822
nightly/1.9.11.823
nightly/1.9.2.733
nightly/1.9.2.734
nightly/1.9.2.735
nightly/1.9.2.736
nightly/1.9.2.737
nightly/1.9.2.738
nightly/1.9.4.740
nightly/1.9.4.741
nightly/1.9.4.742
nightly/1.9.4.743
nightly/1.9.4.744
nightly/1.9.4.745
nightly/1.9.4.746
nightly/1.9.4.747
nightly/1.9.4.748
nightly/1.9.4.749
nightly/1.9.4.750
nightly/1.9.4.751
nightly/1.9.5.752
nightly/1.9.5.753
nightly/1.9.6.754
nightly/1.9.6.755
nightly/1.9.6.756
nightly/1.9.6.759
nightly/1.9.6.760
nightly/1.9.6.761
nightly/1.9.6.762
nightly/1.9.6.763
nightly/1.9.6.764
nightly/1.9.7.765
nightly/1.9.7.766
nightly/1.9.7.767
nightly/1.9.7.768
nightly/1.9.7.769
nightly/1.9.7.770
nightly/1.9.7.771
nightly/1.9.7.772
nightly/1.9.7.773
nightly/1.9.7.774
nightly/1.9.8.775
nightly/1.9.8.776
nightly/1.9.8.777
nightly/1.9.8.778
nightly/1.9.8.779
nightly/1.9.9.780
nightly/1.9.9.781

nightly/25.*

nightly/25.02.0.824
nightly/25.02.0.825
nightly/25.02.0.826
nightly/25.02.0.827
nightly/25.02.1.828
nightly/25.02.1.829
nightly/25.02.1.830
nightly/25.02.1.831
nightly/25.02.1.832
nightly/25.02.1.833
nightly/25.02.1.834
nightly/25.02.1.835
nightly/25.02.1.836
nightly/25.02.1.837
nightly/25.02.1.838
nightly/25.02.1.839
nightly/25.02.1.840
nightly/25.02.1.841
nightly/25.02.1.842
nightly/25.02.1.843
nightly/25.02.1.844
nightly/25.02.1.845
nightly/25.03.0.846
nightly/25.03.0.847
nightly/25.03.1.848
nightly/25.03.2.849
nightly/25.03.2.850
nightly/25.03.2.851
nightly/25.03.2.852
nightly/25.03.2.853
nightly/25.03.2.854
nightly/25.03.2.855
nightly/25.03.2.856
nightly/25.03.3.859
nightly/25.03.3.860
nightly/25.03.3.861
nightly/25.03.3.862
nightly/25.03.3.863
nightly/25.03.3.864
nightly/25.03.3.865
nightly/25.03.3.866
nightly/25.03.3.867
nightly/25.03.3.868
nightly/25.03.3.869
nightly/25.03.5.870
nightly/25.03.6.871
nightly/25.03.6.872
nightly/25.03.6.873
nightly/25.03.7.874
nightly/25.03.7.875
nightly/25.03.8.876

release/25.*

release/25.03.3
release/25.03.4
release/25.03.5
release/25.03.6
release/25.03.7