Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
CVE-2025-31127: Element X Android: Media Encryption Keys Exposed
CVE-2025-31127
Summary
A flaw in Element X Android versions 0.4.16 to 25.03.3 allows someone with control over a specific file to access encryption keys for phone calls. This means they could potentially listen in on calls. Update to version 25.03.4 to fix the issue.
Original title
Element X Android is a Matrix Android Client provided by element.io. In Element X Android versions between 0.4.16 and 25.03.3, the entity in control of the element.json well-known file is able, und...
Original description
Element X Android is a Matrix Android Client provided by element.io. In Element X Android versions between 0.4.16 and 25.03.3, the entity in control of the element.json well-known file is able, under certain conditions, to get access to the media encryption keys used for an Element Call call. This vulnerability is fixed in 25.03.4.
nvd CVSS3.1
5.3
Vulnerability type
CWE-200
Information Exposure
Published: 3 Apr 2025 · Updated: 15 Jun 2026 · First seen: 7 Mar 2026