Primary

Context

Element Web Media Encryption Key Exposure Vulnerability in Element Call Integration

Vulnerability

A vulnerability in Element Web versions 1.11.16 prior to 1.11.96 allows external pages to access media encryption keys used in Element Call. This issue arises when Element Web is configured to load Element Call from an external URL.

Impact

Exploitation of this vulnerability could lead to unauthorized access to media encryption keys, potentially allowing interception or manipulation of encrypted media in Element Call.

Remediation

Users can update to Element Web version 1.11.97 or later to address this vulnerability. Alternatively, Element Web can be configured to load a trusted instance of Element Call.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Element Web Media Encryption Key Exposure Vulnerability in Element Call Integration

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating