Improper input validation in Element-hq Element-web

CVE-2025-59161

Element Web is a Matrix web client built using the Matrix React SDK. Element Web and Element Desktop before version 1.11.112 have insufficient validation of room predecessor links, allowing a remote attacker to attempt to impermanently rep…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.004 (29.8th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References