CVE-2025-59161

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-59161
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-59161.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-59161
Aliases
  • GHSA-m6c8-98f4-75rr
Published
2025-09-16T17:15:41Z
Modified
2025-09-18T05:12:24.351401Z
Summary
[none]
Details

Element Web is a Matrix web client built using the Matrix React SDK. Element Web and Element Desktop before version 1.11.112 have insufficient validation of room predecessor links, allowing a remote attacker to attempt to impermanently replace a room's entry in the room list with an unrelated attacker-supplied room. While the effect of this is temporary, it may still confuse users into acting on incorrect assumptions. The issue has been patched and users should upgrade to 1.11.112. A reload/refresh will fix the incorrect room list state, removing the attacker's room and restoring the original room.

References

Affected packages

Git / github.com/element-hq/element-web

Affected ranges

Type
GIT
Repo
https://github.com/element-hq/element-web
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
8e9a43d70c90e6a3b110cd0a377296079e4c81f5

Affected versions

Other

no-media-devices-release

v0.*

v0.0.2
v0.1.2
v0.10.0
v0.10.0-rc.2
v0.10.1
v0.10.2
v0.11.0
v0.11.0-rc.1
v0.11.0-rc.2
v0.11.1
v0.11.2
v0.11.2-rc.1
v0.11.2-rc.2
v0.11.3
v0.11.4
v0.12.0-rc.1
v0.12.1
v0.12.1-rc.1
v0.12.2
v0.12.3
v0.12.3-rc.1
v0.12.3-rc.2
v0.12.3-rc.3
v0.12.4
v0.12.4-rc.1
v0.12.5
v0.12.6
v0.12.7
v0.12.7-rc.1
v0.12.7-rc.2
v0.12.7-rc.3
v0.13.0
v0.13.0-rc.1
v0.13.0-rc.2
v0.13.0-rc.3
v0.13.1
v0.13.2
v0.13.3
v0.13.4
v0.13.5
v0.14.0
v0.14.0-rc.1
v0.14.0-rc.2
v0.14.0-rc.3
v0.14.0-rc.4
v0.14.0-rc.5
v0.14.0-rc.6
v0.14.1
v0.14.2
v0.14.2-rc.1
v0.14.2-rc.2
v0.14.2-rc.3
v0.14.3-rc.1
v0.15.0
v0.15.0-rc.1
v0.15.0-rc.2
v0.15.0-rc.3
v0.15.0-rc.4
v0.15.0-rc.5
v0.15.0-rc.6
v0.15.1
v0.15.2
v0.15.3
v0.15.4
v0.15.4-rc.1
v0.15.5
v0.15.5-rc.1
v0.15.6
v0.15.6-rc.1
v0.15.6-rc.2
v0.15.7
v0.15.7-rc.1
v0.15.7-rc.2
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.1
v0.16.1-rc.1
v0.16.2
v0.16.3
v0.16.3-rc.1
v0.16.3-rc.2
v0.16.4
v0.16.4-rc.1
v0.16.5
v0.16.5-rc.1
v0.16.6
v0.17.0
v0.17.0-rc.1
v0.17.1
v0.17.2
v0.17.3
v0.17.3-rc.1
v0.17.4
v0.17.5
v0.17.6
v0.17.6-rc.1
v0.17.6-rc.2
v0.17.7
v0.17.8
v0.17.8-rc.1
v0.17.9
v0.17.9-rc.1
v0.3.0
v0.4.0
v0.4.1
v0.5.0
v0.6.0
v0.6.1
v0.7.0
v0.7.1
v0.7.2
v0.7.3
v0.7.4
v0.7.4-r1
v0.7.5
v0.7.5-r1
v0.7.5-r2
v0.7.5-r3
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.9.10
v0.9.10-rc.1
v0.9.2
v0.9.3
v0.9.4
v0.9.5
v0.9.6
v0.9.6-rc.1
v0.9.7
v0.9.7-rc.1
v0.9.7-rc.2
v0.9.7-rc.3
v0.9.8
v0.9.8-rc.1
v0.9.8-rc.2
v0.9.8-rc.3
v0.9.9
v0.9.9-rc.1
v0.9.9-rc.2

v1.*

v1.0.0
v1.0.0-rc.1
v1.0.0-rc.2
v1.0.1
v1.0.2
v1.0.2-rc.1
v1.0.2-rc.2
v1.0.2-rc.3
v1.0.3
v1.0.4
v1.0.4-rc.1
v1.0.5
v1.0.6
v1.0.6-rc.1
v1.0.7
v1.0.8
v1.1.0
v1.1.0-rc.1
v1.1.1
v1.1.2
v1.10.0
v1.10.1
v1.10.10
v1.10.11
v1.10.11-rc.1
v1.10.12
v1.10.12-rc.1
v1.10.12-rc.2
v1.10.13
v1.10.13-rc.1
v1.10.13-rc.2
v1.10.14
v1.10.14-rc.1
v1.10.15
v1.10.2
v1.10.2-rc.1
v1.10.2-rc.2
v1.10.3
v1.10.4
v1.10.5
v1.10.5-rc.1
v1.10.6
v1.10.7
v1.10.7-rc.1
v1.10.8
v1.10.8-rc.1
v1.10.9
v1.10.9-rc.1
v1.10.9-rc.2
v1.10.9-rc.3
v1.10.9-rc.4
v1.11.0
v1.11.0-rc.1
v1.11.1
v1.11.1-rc.1
v1.11.1-rc.2
v1.11.10
v1.11.100
v1.11.100-rc.0
v1.11.101
v1.11.101-rc.0
v1.11.102
v1.11.102-rc.0
v1.11.103
v1.11.104
v1.11.104-rc.0
v1.11.105
v1.11.105-rc.0
v1.11.106
v1.11.106-rc.0
v1.11.107
v1.11.107-rc.0
v1.11.108
v1.11.109
v1.11.109-rc.0
v1.11.11
v1.11.11-rc.1
v1.11.11-rc.2
v1.11.110
v1.11.110-rc.0
v1.11.111
v1.11.111-rc.0
v1.11.12
v1.11.13
v1.11.14
v1.11.14-rc.1
v1.11.14-rc.2
v1.11.15
v1.11.15-rc.1
v1.11.16
v1.11.16-rc.1
v1.11.16-rc.2
v1.11.17
v1.11.17-rc.1
v1.11.18
v1.11.18-rc.1
v1.11.18-rc.2
v1.11.18-rc.3
v1.11.18-rc.4
v1.11.19
v1.11.2
v1.11.2-rc.1
v1.11.20
v1.11.21
v1.11.21-rc.1
v1.11.22
v1.11.23
v1.11.23-rc.1
v1.11.24
v1.11.24-rc.1
v1.11.24-rc.2
v1.11.25
v1.11.25-rc.1
v1.11.25-rc.2
v1.11.25-rc.3
v1.11.26
v1.11.27
v1.11.28
v1.11.29
v1.11.29-rc.1
v1.11.3
v1.11.3-rc.1
v1.11.3-rc.2
v1.11.30
v1.11.30-rc.1
v1.11.31
v1.11.31-rc.1
v1.11.31-rc.2
v1.11.32
v1.11.32-rc.1
v1.11.32-rc.2
v1.11.32-rc.3
v1.11.33
v1.11.34
v1.11.34+patch.1
v1.11.34-patch.1
v1.11.34-rc1
v1.11.35
v1.11.35-no-media-devices-hotfix
v1.11.35-rc.1
v1.11.36
v1.11.36-rc.1
v1.11.36-rc.2
v1.11.37
v1.11.37-rc.1
v1.11.38
v1.11.39
v1.11.39-rc.1
v1.11.4
v1.11.4-rc.1
v1.11.4-rc.2
v1.11.40
v1.11.40-rc.1
v1.11.41
v1.11.41-rc.1
v1.11.41-rc.2
v1.11.42
v1.11.43
v1.11.44
v1.11.44-rc.1
v1.11.45
v1.11.46
v1.11.46-rc.1
v1.11.46-rc.2
v1.11.47
v1.11.47-rc.1
v1.11.48
v1.11.48-rc.1
v1.11.49
v1.11.5
v1.11.5-rc.1
v1.11.50
v1.11.50-rc.0
v1.11.50-rc.1
v1.11.51
v1.11.51-rc.0
v1.11.52
v1.11.52-rc.0
v1.11.53
v1.11.54
v1.11.54-rc.0
v1.11.55
v1.11.56-rc.0
v1.11.57
v1.11.57-rc.1
v1.11.58
v1.11.58-rc.0
v1.11.58-rc.1
v1.11.59
v1.11.59-rc.0
v1.11.6
v1.11.6-rc.1
v1.11.60
v1.11.60-rc.0
v1.11.61
v1.11.61-rc.0
v1.11.62
v1.11.62-rc.0
v1.11.63
v1.11.64
v1.11.64-rc.0
v1.11.65
v1.11.65-rc.0
v1.11.66
v1.11.66-rc.0
v1.11.66-rc.1
v1.11.67
v1.11.67-rc.0
v1.11.67-rc.1
v1.11.68
v1.11.68-rc.0
v1.11.69
v1.11.69-rc.0
v1.11.69-rc.1
v1.11.7
v1.11.70
v1.11.70-rc.0
v1.11.70-rc.1
v1.11.71
v1.11.71-rc.0
v1.11.72
v1.11.72-rc.0
v1.11.73
v1.11.74
v1.11.74-rc.0
v1.11.75
v1.11.76
v1.11.76-rc.0
v1.11.77
v1.11.77-rc.0
v1.11.78
v1.11.78-rc.0
v1.11.79
v1.11.8
v1.11.80
v1.11.80-rc.0
v1.11.81
v1.11.82
v1.11.82-rc.0
v1.11.83
v1.11.84
v1.11.84-rc.0
v1.11.85
v1.11.86
v1.11.86-rc.0
v1.11.87
v1.11.87-rc.0
v1.11.87-rc.1
v1.11.87-rc.2
v1.11.87-rc.3
v1.11.87-rc.4
v1.11.87-rc.5
v1.11.87-rc.6
v1.11.87-rc.7
v1.11.88
v1.11.88-rc.0
v1.11.89
v1.11.9
v1.11.9-rc.1
v1.11.9-rc.2
v1.11.90
v1.11.90-rc.0
v1.11.91
v1.11.91-rc.0
v1.11.91-rc.1
v1.11.92
v1.11.92-rc.0
v1.11.93
v1.11.93-rc.0
v1.11.94
v1.11.95
v1.11.95-rc.0
v1.11.96
v1.11.96-rc.0
v1.11.97
v1.11.97-rc.0
v1.11.98
v1.11.98-rc.0
v1.11.99
v1.2.0
v1.2.0-rc.1
v1.2.1
v1.2.2
v1.2.2-rc.1
v1.2.2-rc.2
v1.2.3
v1.2.3-rc.1
v1.2.4
v1.3.0
v1.3.0-rc.1
v1.3.0-rc.2
v1.3.0-rc.3
v1.3.1
v1.3.1-rc.1
v1.3.2
v1.3.3
v1.3.4
v1.3.4-rc.1
v1.3.5
v1.3.5-rc.1
v1.3.5-rc.2
v1.3.5-rc.3
v1.3.6
v1.4.0
v1.4.0-rc.1
v1.4.0-rc.2
v1.4.1
v1.4.2
v1.4.2-rc.1
v1.5.0
v1.5.0-rc.1
v1.5.1
v1.5.1-rc.1
v1.5.1-rc.2
v1.5.10
v1.5.11
v1.5.11-rc.1
v1.5.12
v1.5.13
v1.5.13-rc.1
v1.5.14
v1.5.14-rc.1
v1.5.15
v1.5.16-rc.1
v1.5.2
v1.5.3
v1.5.4
v1.5.4-rc.1
v1.5.4-rc.2
v1.5.5
v1.5.6
v1.5.6-rc.1
v1.5.7
v1.5.7-rc.1
v1.5.7-rc.2
v1.5.8
v1.5.8-rc.1
v1.5.8-rc.2
v1.5.9
v1.5.9-rc.1
v1.6.0
v1.6.0-rc.1
v1.6.0-rc.2
v1.6.0-rc.3
v1.6.0-rc.4
v1.6.0-rc.5
v1.6.0-rc.6
v1.6.1
v1.6.1-rc.1
v1.6.2
v1.6.3
v1.6.3-rc.1
v1.6.4
v1.6.5
v1.6.6
v1.6.6-rc.1
v1.6.7
v1.6.8
v1.6.8-rc.1
v1.7.0
v1.7.1
v1.7.10
v1.7.11
v1.7.11-rc.1
v1.7.12
v1.7.13
v1.7.13-rc.1
v1.7.14
v1.7.14-rc.1
v1.7.15
v1.7.15-rc.1
v1.7.16
v1.7.16-rc.1
v1.7.17
v1.7.17-rc.1
v1.7.18
v1.7.19
v1.7.19-rc.1
v1.7.2
v1.7.20
v1.7.21
v1.7.21-rc.1
v1.7.22
v1.7.22-rc.1
v1.7.23
v1.7.23-rc.1
v1.7.24
v1.7.24-rc.1
v1.7.25
v1.7.25-rc.1
v1.7.26
v1.7.26-rc.1
v1.7.27
v1.7.27-rc.1
v1.7.28
v1.7.28-rc.1
v1.7.29
v1.7.29-rc.1
v1.7.3
v1.7.3-rc.1
v1.7.30
v1.7.30-rc.1
v1.7.31
v1.7.31-rc.1
v1.7.32
v1.7.32-rc.1
v1.7.33
v1.7.33-rc.1
v1.7.34
v1.7.34-rc.1
v1.7.4
v1.7.4-rc.1
v1.7.5
v1.7.5-rc.1
v1.7.6
v1.7.6-rc.1
v1.7.7
v1.7.8
v1.7.8-rc.1
v1.7.9
v1.7.9-rc.1
v1.8.0
v1.8.0-rc.1
v1.8.1
v1.8.2
v1.8.2-rc.1
v1.8.2-rc.2
v1.8.2-rc.3
v1.8.3-rc.1
v1.8.3-rc.2
v1.8.4
v1.8.5
v1.8.6-rc.1
v1.8.6-rc.2
v1.9.0
v1.9.1
v1.9.1-rc.1
v1.9.1-rc.2
v1.9.10-rc.1
v1.9.10-rc.2
v1.9.2
v1.9.3
v1.9.3-rc.1
v1.9.3-rc.2
v1.9.3-rc.3
v1.9.4
v1.9.4-rc.1
v1.9.5
v1.9.5-rc.1
v1.9.6
v1.9.6-rc.2
v1.9.7
v1.9.8
v1.9.8-rc.1
v1.9.9
v1.9.9-rc.1