CVE-2025-32026

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-32026

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-32026.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-32026

Aliases

GHSA-69q3-jg79-cg79

Published

2025-04-08T15:22:54.903Z

Modified

2025-12-05T08:56:18.083800Z

Severity

3.8 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

Element Web could load a malicious instance of Element Call leaking media encryption keys

Details

Element Web is a Matrix web client built using the Matrix React SDK. Element Web, starting from version 1.11.16 up to version 1.11.96, can be configured to load Element Call from an external URL. Under certain conditions, the external page is able to get access to the media encryption keys used for an Element Call call. Version 1.11.97 fixes the problem.

Database specific

{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/32xxx/CVE-2025-32026.json",
    "cwe_ids": [
        "CWE-497"
    ]
}

References

Affected packages

Git / github.com/element-hq/element-web

Affected ranges

Type

GIT

Repo

https://github.com/element-hq/element-web

Events

Introduced

dd0134180c123fdcc677471eb0444f232d71c16d

Fixed

1fdd313ae9157d9f8272648eda435cb4196f82bb

Database specific

{
    "versions": [
        {
            "introduced": "1.11.16"
        },
        {
            "fixed": "1.11.97"
        }
    ]
}

Affected versions

Other

no-media-devices-release

v0.*

v0.0.2

v1.*

v1.11.16

v1.11.17

v1.11.17-rc.1

v1.11.18

v1.11.18-rc.1

v1.11.18-rc.2

v1.11.18-rc.3

v1.11.18-rc.4

v1.11.19

v1.11.20

v1.11.21

v1.11.21-rc.1

v1.11.22

v1.11.23

v1.11.23-rc.1

v1.11.24

v1.11.24-rc.1

v1.11.24-rc.2

v1.11.25

v1.11.25-rc.1

v1.11.25-rc.2

v1.11.25-rc.3

v1.11.26

v1.11.27

v1.11.28

v1.11.29

v1.11.29-rc.1

v1.11.30

v1.11.30-rc.1

v1.11.31

v1.11.31-rc.1

v1.11.31-rc.2

v1.11.32

v1.11.32-rc.1

v1.11.32-rc.2

v1.11.32-rc.3

v1.11.33

v1.11.34

v1.11.34+patch.1

v1.11.34-patch.1

v1.11.34-rc1

v1.11.35

v1.11.35-no-media-devices-hotfix

v1.11.35-rc.1

v1.11.36

v1.11.36-rc.1

v1.11.36-rc.2

v1.11.37

v1.11.37-rc.1

v1.11.38

v1.11.39

v1.11.39-rc.1

v1.11.40

v1.11.40-rc.1

v1.11.41

v1.11.41-rc.1

v1.11.41-rc.2

v1.11.42

v1.11.43

v1.11.44

v1.11.44-rc.1

v1.11.45

v1.11.46

v1.11.46-rc.1

v1.11.46-rc.2

v1.11.47

v1.11.47-rc.1

v1.11.48

v1.11.48-rc.1

v1.11.49

v1.11.50

v1.11.50-rc.0

v1.11.50-rc.1

v1.11.51

v1.11.51-rc.0

v1.11.52

v1.11.52-rc.0

v1.11.53

v1.11.54

v1.11.54-rc.0

v1.11.55

v1.11.56-rc.0

v1.11.57

v1.11.57-rc.1

v1.11.58

v1.11.58-rc.0

v1.11.58-rc.1

v1.11.59

v1.11.59-rc.0

v1.11.60

v1.11.60-rc.0

v1.11.61

v1.11.61-rc.0

v1.11.62

v1.11.62-rc.0

v1.11.63

v1.11.64

v1.11.64-rc.0

v1.11.65

v1.11.65-rc.0

v1.11.66

v1.11.66-rc.0

v1.11.66-rc.1

v1.11.67

v1.11.67-rc.0

v1.11.67-rc.1

v1.11.68

v1.11.68-rc.0

v1.11.69

v1.11.69-rc.0

v1.11.69-rc.1

v1.11.70

v1.11.70-rc.0

v1.11.70-rc.1

v1.11.71

v1.11.71-rc.0

v1.11.72

v1.11.72-rc.0

v1.11.73

v1.11.74

v1.11.74-rc.0

v1.11.75

v1.11.76

v1.11.76-rc.0

v1.11.77

v1.11.77-rc.0

v1.11.78

v1.11.78-rc.0

v1.11.79

v1.11.80

v1.11.80-rc.0

v1.11.81

v1.11.82

v1.11.82-rc.0

v1.11.83

v1.11.84

v1.11.84-rc.0

v1.11.85

v1.11.86

v1.11.86-rc.0

v1.11.87

v1.11.87-rc.0

v1.11.87-rc.1

v1.11.87-rc.2

v1.11.87-rc.3

v1.11.87-rc.4

v1.11.87-rc.5

v1.11.87-rc.6

v1.11.87-rc.7

v1.11.88

v1.11.88-rc.0

v1.11.89

v1.11.90

v1.11.90-rc.0

v1.11.91

v1.11.91-rc.0

v1.11.91-rc.1

v1.11.92

v1.11.92-rc.0

v1.11.93

v1.11.93-rc.0

v1.11.94

v1.11.95

v1.11.95-rc.0

v1.11.96

v1.11.96-rc.0

v1.11.97-rc.0