Primary

Context

Element X Android Media Encryption Key Exposure Vulnerability via Well-Known File

Vulnerability

A vulnerability in Element X Android has been identified, allowing the entity controlling the 'element.json' well-known file to access media encryption keys for Element Call calls. This issue affects Element X Android versions 0.4.16 through 25.03.3 and has been classified as high severity. The vulnerability arises under certain conditions where the well-known file is manipulated, potentially compromising the confidentiality of media communications.

Impact

Exploitation of this vulnerability allows unauthorized access to media encryption keys used in Element Call, which could lead to interception and decryption of private calls.

Remediation

Users can update to Element X Android version 25.03.4, where this vulnerability has been patched.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

7.7

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

7.7

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Element X Android Media Encryption Key Exposure Vulnerability via Well-Known File

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating