PT-2025-38059 · Unknown · Element Web+1
Davidegirardi · Published 2025-09-16 · Updated 2025-09-17
CVE-2025-59161
CVSS v4.0: 2.7 (Low)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
Name of the Vulnerable Software and Affected Versions
Element Web versions prior to 1.11.112
Element Desktop versions prior to 1.11.112
Description
Element Web and Element Desktop are susceptible to a room list manipulation issue due to insufficient validation of room predecessor links. A remote attacker may attempt to temporarily replace a room's entry in the room list with a room controlled by the attacker, potentially misleading users. Reloading or refreshing the page will restore the correct room list.
Recommendations
Upgrade Element Web to version 1.11.112.
Upgrade Element Desktop to version 1.11.112.
Affected Products
Element Desktop
Element Web