CVE-2025-31126

5.3 MEDIUM

📋 TL;DR

An attacker controlling the element.json well-known file can potentially access media encryption keys used in Element Call calls. This affects Element X iOS users running versions between 1.6.13 and 25.03.7. The vulnerability allows unauthorized access to encrypted call content under specific conditions.

💻 Affected Systems

Products:
  • Element X iOS
Versions: 1.6.13 through 25.03.7
Operating Systems: iOS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires attacker control of the element.json well-known file and specific conditions during Element Call sessions.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could decrypt and access sensitive audio/video content from Element Call sessions, potentially exposing confidential conversations or media.

🟠 Likely Case

Targeted attackers with control over the well-known file could intercept specific call sessions, compromising privacy of communications.

🟢 If Mitigated

With proper access controls and monitoring, impact is limited to specific call sessions where attackers have already compromised the well-known file infrastructure.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires control over the well-known file and specific timing during call setup.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 25.03.8

Vendor Advisory: https://github.com/element-hq/element-x-ios/security/advisories/GHSA-69qf-p24v-rf8j

Restart Required: Yes

Instructions:

  1. Open the App Store on the iOS device.
  2. Search for Element X.
  3. Update to version 25.03.8 or later.
  4. Restart the application.

🔧 Temporary Workarounds

Disable Element Call

all

Temporarily disable Element Call functionality to prevent exploitation.

Not applicable - disable via app settings

🧯 If You Can't Patch

  • Restrict access to well-known file infrastructure
  • Monitor for unauthorized changes to element.json files

🔍 How to Verify

Check if Vulnerable:

Check the Element X iOS app version in Settings > About. If the version is between 1.6.13 and 25.03.7 inclusive, the system is vulnerable.

Check Version:

Not applicable - check via iOS app interface

Verify Fix Applied:

Confirm app version is 25.03.8 or later in Settings > About.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to element.json files
  • Unexpected changes to well-known file configurations

Network Indicators:

  • Unusual traffic patterns to well-known file endpoints during call setup

SIEM Query:

Not applicable - specific to app-level vulnerability
