CNNVD-202509-2329 Information

CNNVD ID

CNNVD-202509-2329

Related CVE

CVE-2025-59161

• CNNVD Published: 2025-09-16

Description (Chinese)

Element Desktop是Element开源的一个以 Element Web 为核心的桌面平台的 Matrix 客户端。 Element Desktop 1.11.112之前版本存在输入验证错误漏洞，该漏洞源于对房间前置链接验证不足，可能导致远程攻击者临时替换房间列表中的条目。

Description (English)

Element Desktop is a Matrix client of the Element Open Source desktop platform centred on Element Web. The pre-Element Desktop 1.11.12 version had an input validation error gap, which stemmed from the inadequate verification of front-links to the room, which could lead to the temporary replacement of entries in the list of rooms by remote assailants.

Hazard Level

Critical

Vulnerability Type

输入验证错误

Affected Vendor

Element

Published

2025-09-16

Last Modified

2026-02-24

References

https://github.com/element-hq/element-web/commit/8e9a43d70c90e6a3b110cd0a377296079e4c81f5 https://github.com/element-hq/element-web/security/advisories/GHSA-m6c8-98f4-75rr https://access.redhat.com/security/cve/cve-2025-59161

Patch

https://element.io/download