CVE-2025-59161 In Element Web and Element Desktop, a malicious room can hide an unrelated room and cause it to be left when the malicious room is left

Element Web is a Matrix web client built using the Matrix React SDK. Element Web and Element Desktop before version 1.11.112 have insufficient validation of room predecessor links, allowing a remote attacker to attempt to impermanently replace a room's entry in the room list with an unrelated...