Vulnerability Description
Element Web is a Matrix web client built using the Matrix React SDK. Element Web and Element Desktop before version 1.11.112 have insufficient validation of room predecessor links, allowing a remote attacker to attempt to impermanently replace a room's entry in the room list with an unrelated attacker-supplied room. While the effect of this is temporary, it may still confuse users into acting on incorrect assumptions. The issue has been patched and users should upgrade to 1.11.112. A reload/refresh will fix the incorrect room list state, removing the attacker's room and restoring the original room.
Related Weaknesses (CWE)
References
- https://github.com/element-hq/element-web/commit/8e9a43d70c90e6a3b110cd0a3772960
- https://github.com/element-hq/element-web/security/advisories/GHSA-m6c8-98f4-75r
FAQ
What is CVE-2025-59161?
CVE-2025-59161 is a documented vulnerability. Element Web is a Matrix web client built using the Matrix React SDK. Element Web and Element Desktop before version 1.11.112 have insufficient validation of room predecessor links, allowing a remote a...
How severe is CVE-2025-59161?
CVSS scoring is not yet available for CVE-2025-59161. Check NVD for updates.
Is there a patch for CVE-2025-59161?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.