{"id":"CVE-2025-59161","summary":"In Element Web and Element Desktop, a malicious room can hide an unrelated room and cause it to be left when the malicious room is left","details":"Element Web is a Matrix web client built using the Matrix React SDK. Element Web and Element Desktop before version 1.11.112 have insufficient validation of room predecessor links, allowing a remote attacker to attempt to impermanently replace a room's entry in the room list with an unrelated attacker-supplied room. While the effect of this is temporary, it may still confuse users into acting on incorrect assumptions. The issue has been patched and users should upgrade to 1.11.112. A reload/refresh will fix the incorrect room list state, removing the attacker's room and restoring the original room.","aliases":["GHSA-m6c8-98f4-75rr"],"modified":"2026-04-10T05:31:49.387926Z","published":"2025-09-16T16:44:15.660Z","related":["openSUSE-SU-2025:15558-1","openSUSE-SU-2025:15559-1"],"database_specific":{"cwe_ids":["CWE-20"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/59xxx/CVE-2025-59161.json","cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/59xxx/CVE-2025-59161.json"},{"type":"ADVISORY","url":"https://github.com/element-hq/element-web/security/advisories/GHSA-m6c8-98f4-75rr"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59161"},{"type":"FIX","url":"https://github.com/element-hq/element-web/commit/8e9a43d70c90e6a3b110cd0a377296079e4c81f5"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/element-hq/element-web","events":[{"introduced":"0"},{"fixed":"87d40ab0e0d38a064912ee73ffaa8684cb1e79b1"}]}],"versions":["no-media-devices-release","v0.1.2","v0.10.0","v0.10.0-rc.2","v0.12.0-rc.1","v0.12.1","v0.12.1-rc.1","v0.12.2","v0.14.3-rc.1","v0.15.0","v0.15.0-rc.1","v0.15.0-rc.2","v0.15.0-rc.3","v0.15.0-rc.4","v0.15.0-rc.5","v0.15.0-rc.6","v0.15.1","v0.15.4","v0.15.4-rc.1","v0.15.5","v0.15.5-rc.1","v0.16.0","v0.16.0-rc.1","v0.16.0-rc.2","v0.16.3","v0.16.3-rc.1","v0.16.3-rc.2","v0.17.8","v0.17.8-rc.1","v0.3.0","v0.4.0","v0.4.1","v0.5.0","v0.6.0","v0.6.1","v0.7.0","v0.7.1","v0.7.2","v0.7.3","v0.7.4","v0.7.4-r1","v0.7.5","v0.7.5-r1","v0.8.0","v0.8.1","v0.8.2","v0.8.3","v0.9.2","v0.9.3","v1.11.111","v1.11.111-rc.0","v1.11.35-no-media-devices-hotfix","v1.11.68","v1.11.68-rc.0","v1.4.0","v1.4.0-rc.1","v1.4.0-rc.2","v1.4.1","v1.4.2","v1.4.2-rc.1","v1.5.10","v1.5.3","v1.7.0","v1.7.1","v1.7.11","v1.7.11-rc.1","v1.7.13","v1.7.13-rc.1","v1.7.14","v1.7.14-rc.1","v1.7.16","v1.7.16-rc.1","v1.7.2","v1.7.23","v1.7.23-rc.1","v1.7.30","v1.7.30-rc.1","v1.7.9","v1.7.9-rc.1","v1.9.5","v1.9.5-rc.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-59161.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"}]}