CVE-2025-59161

Name: CVE-2025-59161

Description: Element Web is a Matrix web client built using the Matrix React SDK. Element Web and Element Desktop before version 1.11.112 have insufficient validation of room predecessor links, allowing a remote attacker to attempt to impermanently replace a room's entry in the room list with an unrelated attacker-supplied room. While the effect of this is temporary, it may still confuse users into acting on incorrect assumptions. The issue has been patched and users should upgrade to 1.11.112. A reload/refresh will fix the incorrect room list state, removing the attacker's room and restoring the original room.

NVD Severity: low

References

| Type | URI |
| --- | --- |
| MISC | https://github.com/element-hq/element-web/commit/8e9a43d70c90e6a3b110cd0a377296079e4c81f5 |
| CONFIRM | https://github.com/element-hq/element-web/security/advisories/GHSA-m6c8-98f4-75rr |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| | element-web | >= 0 | < 1.11.112 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| element-web | edge-community | 1.11.87-r0 | lauren n. liberda <lauren@selfisekai.rocks> | possibly vulnerable |
| element-web | edge-community | 1.11.88-r0 | lauren n. liberda <lauren@selfisekai.rocks> | possibly vulnerable |
| element-web | edge-community | 1.11.89-r0 | lauren n. liberda <lauren@selfisekai.rocks> | possibly vulnerable |
| element-web | edge-community | 1.11.90-r0 | lauren n. liberda <lauren@selfisekai.rocks> | possibly vulnerable |
| element-web | edge-community | 1.11.91-r0 | lauren n. liberda <lauren@selfisekai.rocks> | possibly vulnerable |
| element-web | edge-community | 1.11.92-r0 | lauren n. liberda <lauren@selfisekai.rocks> | possibly vulnerable |
| element-web | edge-community | 1.11.93-r0 | lauren n. liberda <lauren@selfisekai.rocks> | possibly vulnerable |
| element-web | edge-community | 1.11.95-r0 | lauren n. liberda <lauren@selfisekai.rocks> | possibly vulnerable |
| element-web | edge-community | 1.11.96-r0 | lauren n. liberda <lauren@selfisekai.rocks> | possibly vulnerable |
| element-web | edge-community | 1.11.97-r0 | lauren n. liberda <lauren@selfisekai.rocks> | possibly vulnerable |
| element-web | edge-community | 1.11.99-r0 | lauren n. liberda <lauren@selfisekai.rocks> | possibly vulnerable |
| element-web | edge-community | 1.11.100-r0 | lauren n. liberda <lauren@selfisekai.rocks> | possibly vulnerable |
| element-web | edge-community | 1.11.103-r0 | lauren n. liberda <lauren@selfisekai.rocks> | possibly vulnerable |
| element-web | edge-community | 1.11.109-r0 | lauren n. liberda <lauren@selfisekai.rocks> | possibly vulnerable |
| element-web | edge-community | 1.11.110-r0 | lauren n. liberda <lauren@selfisekai.rocks> | possibly vulnerable |
| element-web | 3.22-community | 1.11.87-r0 | lauren n. liberda <lauren@selfisekai.rocks> | possibly vulnerable |
| element-web | 3.22-community | 1.11.109-r0 | lauren n. liberda <lauren@selfisekai.rocks> | possibly vulnerable |