Improper input validation in Element-hq Element-web
CVE-2025-59161
Element Web is a Matrix web client built using the Matrix React SDK. Element Web and Element Desktop before version 1.11.112 have insufficient validation of room predecessor links, allowing a remote attacker to attempt to impermanently rep…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.004 (29.8th percentile)
Affected products
- Element-hq Element-web — versions < 1.11.112