CVE-2025-32026

LOW Year: 2025
CVSS v3 Score
3.8
Low
Weakness Type
CWE-497
View all →

Vulnerability Description

Element Web is a Matrix web client built using the Matrix React SDK. Element Web, starting from version 1.11.16 up to version 1.11.96, can be configured to load Element Call from an external URL. Under certain conditions, the external page is able to get access to the media encryption keys used for an Element Call call. Version 1.11.97 fixes the problem.

Related Vulnerabilities

CVE-2023-42010

LOW
CVSS:3.7(Low)

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 could disclose sensitive information in the HTTP response using man in the middle techniques. IBM X-For...

CWE-4972023

CVE-2025-24473

LOW
CVSS:3.7(Low)

A exposure of sensitive system information to an unauthorized control sphere in Fortinet FortiClientWindows versions 7.2.0 through 7.2.1 may allow an unauthorized remote attacker to view application i...

CWE-4972025

CVE-2024-47799

LOW
CVSS:3.5(Low)

Exposure of sensitive system information to an unauthorized control sphere issue exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-a...

CWE-4972024

CVE-2023-34209

MEDIUM
CVSS:4.3(Medium)

Exposure of Sensitive System Information to an Unauthorized Control Sphere in create template function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to obtain the ab...

CWE-4972023

CVE-2023-5081

LOW
CVSS:3.3(Low)

An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier.

CWE-4972023

CVE-2024-0053

LOW
CVSS:3.3(Low)

In getCustomPrinterIcon of PrintManagerService.java, there is a possible way to view other user's images due to a confused deputy. This could lead to local information disclosure with no additional ex...

CWE-4972024