CVE-2025-59161 LOW

CVE-2025-59161: In Element Web and Element Desktop, a malicious room can hide an unrelated room and cause it to be left when the malicious room is left

Vendor Element-Hq
Product element-web
Weakness CWE-20 · Input validation
Published September 16, 2025
Last update September 16, 2025

CVSS base score

2.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U

What the vulnerability does

Description

Element Web is a Matrix web client built using the Matrix React SDK. Element Web and Element Desktop before version 1.11.112 insufficiently validate room predecessor links, allowing a remote attacker to temporarily replace a room's entry in the room list with an unrelated, attacker-supplied room. Although the effect is temporary, it may still confuse users into acting on incorrect assumptions. The issue has been patched and users should upgrade to 1.11.112. A reload/refresh restores the correct room list state, removing the attacker's room and bringing back the original room.

Key dates

Disclosure timeline

September 16, 2025 CVE published
September 16, 2025 Record updated