All the vulnerabilities related to matrix-org - matrix-rust-sdk
cve-2022-39252
Vulnerability from cvelistv5
Published
2022-09-29 14:15
Modified
2025-04-23 16:54
Summary
When matrix-rust-sdk receives forwarded room keys, the receiver doesn't check whether it requested the key from the forwarder
References
Impacted products
▼ | Vendor | Product |
---|---|---|
matrix-org | matrix-rust-sdk |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:00:43.464Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-vp68-2wrm-69qm" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/matrix-org/matrix-rust-sdk/commit/093fb5d0aa21c0b5eaea6ec96b477f1075271cbb" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/matrix-org/matrix-rust-sdk/commit/41449d2cc360e347f5d4e1c154ec1e3185f11acd" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-0.6.0" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-39252", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-23T15:50:29.306523Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-23T16:54:05.100Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "matrix-rust-sdk", "vendor": "matrix-org", "versions": [ { "status": "affected", "version": "\u003c 0.6" } ] } ], "descriptions": [ { "lang": "en", "value": "matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room key, the software accepts it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack. 
Version 0.6 fixes this issue." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-322", "description": "CWE-322: Key Exchange without Entity Authentication", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287: Improper Authentication", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-29T14:15:14.000Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-vp68-2wrm-69qm" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/matrix-org/matrix-rust-sdk/commit/093fb5d0aa21c0b5eaea6ec96b477f1075271cbb" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/matrix-org/matrix-rust-sdk/commit/41449d2cc360e347f5d4e1c154ec1e3185f11acd" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-0.6.0" } ], "source": { "advisory": "GHSA-vp68-2wrm-69qm", "discovery": "UNKNOWN" }, "title": "When matrix-rust-sdk recieves forwarded room keys, the reciever doesn\u0027t check if it requested the key from the forwarder", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-39252", "STATE": "PUBLIC", "TITLE": "When matrix-rust-sdk recieves forwarded room keys, the reciever doesn\u0027t check if it requested the key from the forwarder" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "matrix-rust-sdk", 
"version": { "version_data": [ { "version_value": "\u003c 0.6" } ] } } ] }, "vendor_name": "matrix-org" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room key, the software accepts it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack. Version 0.6 fixes this issue." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-322: Key Exchange without Entity Authentication" } ] }, { "description": [ { "lang": "eng", "value": "CWE-287: Improper Authentication" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-vp68-2wrm-69qm", "refsource": "CONFIRM", "url": "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-vp68-2wrm-69qm" }, { "name": "https://github.com/matrix-org/matrix-rust-sdk/commit/093fb5d0aa21c0b5eaea6ec96b477f1075271cbb", "refsource": "MISC", "url": "https://github.com/matrix-org/matrix-rust-sdk/commit/093fb5d0aa21c0b5eaea6ec96b477f1075271cbb" }, { "name": "https://github.com/matrix-org/matrix-rust-sdk/commit/41449d2cc360e347f5d4e1c154ec1e3185f11acd", "refsource": 
"MISC", "url": "https://github.com/matrix-org/matrix-rust-sdk/commit/41449d2cc360e347f5d4e1c154ec1e3185f11acd" }, { "name": "https://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-0.6.0", "refsource": "MISC", "url": "https://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-0.6.0" } ] }, "source": { "advisory": "GHSA-vp68-2wrm-69qm", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-39252", "datePublished": "2022-09-29T14:15:14.000Z", "dateReserved": "2022-09-02T00:00:00.000Z", "dateUpdated": "2025-04-23T16:54:05.100Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-40648
Vulnerability from cvelistv5
Published
2024-07-18 16:45
Modified
2024-08-02 04:33
Summary
`UserIdentity::is_verified` not checking verification status of own user identity while performing the check in matrix-rust-sdk
References
▼ | URL | Tags |
---|---|---|
https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-4qg4-cvh2-crgg | x_refsource_CONFIRM | |
https://github.com/matrix-org/matrix-rust-sdk/commit/76a7052149bb8f722df12da915b3a06d19a6695a | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
matrix-org | matrix-rust-sdk |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-40648", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-18T17:48:37.397749Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-18T17:48:47.443Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:33:11.826Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-4qg4-cvh2-crgg", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-4qg4-cvh2-crgg" }, { "name": "https://github.com/matrix-org/matrix-rust-sdk/commit/76a7052149bb8f722df12da915b3a06d19a6695a", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/matrix-org/matrix-rust-sdk/commit/76a7052149bb8f722df12da915b3a06d19a6695a" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "matrix-rust-sdk", "vendor": "matrix-org", "versions": [ { "status": "affected", "version": "\u003c 0.7.2" } ] } ], "descriptions": [ { "lang": "en", "value": "matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. The `UserIdentity::is_verified()` method in the matrix-sdk-crypto crate before version 0.7.2 doesn\u0027t take into account the verification status of the user\u0027s own identity while performing the check and may as a result return a value contrary to what is implied by its name and documentation. If the method is used to decide whether to perform sensitive operations towards a user identity, a malicious homeserver could manipulate the outcome in order to make the identity appear trusted. 
This is not a typical usage of the method, which lowers the impact. The method itself is not used inside the `matrix-sdk-crypto` crate. The 0.7.2 release of the `matrix-sdk-crypto` crate includes a fix. All users are advised to upgrade. There are no known workarounds for this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287: Improper Authentication", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-18T16:45:56.321Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-4qg4-cvh2-crgg", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-4qg4-cvh2-crgg" }, { "name": "https://github.com/matrix-org/matrix-rust-sdk/commit/76a7052149bb8f722df12da915b3a06d19a6695a", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/matrix-org/matrix-rust-sdk/commit/76a7052149bb8f722df12da915b3a06d19a6695a" } ], "source": { "advisory": "GHSA-4qg4-cvh2-crgg", "discovery": "UNKNOWN" }, "title": "`UserIdentity::is_verified` not checking verification status of own user identity while performing the check in matrix-rust-sdk" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-40648", "datePublished": "2024-07-18T16:45:56.321Z", "dateReserved": "2024-07-08T16:13:15.513Z", "dateUpdated": "2024-08-02T04:33:11.826Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", 
"dataVersion": "5.1" }
cve-2025-59047
Vulnerability from cvelistv5
Published
2025-09-11 18:03
Modified
2025-09-11 18:22
Summary
matrix-sdk-base has panic in the `RoomMember::normalized_power_level()` method
References
▼ | URL | Tags |
---|---|---|
https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-qhj8-q5r6-8q6j | x_refsource_CONFIRM | |
https://github.com/matrix-org/matrix-rust-sdk/pull/5635 | x_refsource_MISC | |
https://github.com/matrix-org/matrix-rust-sdk/commit/ce3b67f801446387972ff120e907ca828a9f1207 | x_refsource_MISC | |
https://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-base-0.14.1 | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
matrix-org | matrix-rust-sdk |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-59047", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-09-11T18:20:03.606727Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-09-11T18:22:28.636Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "matrix-rust-sdk", "vendor": "matrix-org", "versions": [ { "status": "affected", "version": "\u003c 0.14.1" } ] } ], "descriptions": [ { "lang": "en", "value": "matrix-sdk-base is the base component to build a Matrix client library. In matrix-sdk-base before 0.14.1, calling the `RoomMember::normalized_power_level()` method can cause a panic if a room member has a power level of `Int::Min`. The issue is fixed in matrix-sdk-base 0.14.1. The affected method isn\u2019t used internally, so avoiding calling `RoomMember::normalized_power_level()` prevents the panic." 
} ], "metrics": [ { "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 2.7, "baseSeverity": "LOW", "privilegesRequired": "NONE", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-682", "description": "CWE-682: Incorrect Calculation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-09-11T18:03:50.361Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-qhj8-q5r6-8q6j", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-qhj8-q5r6-8q6j" }, { "name": "https://github.com/matrix-org/matrix-rust-sdk/pull/5635", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/matrix-org/matrix-rust-sdk/pull/5635" }, { "name": "https://github.com/matrix-org/matrix-rust-sdk/commit/ce3b67f801446387972ff120e907ca828a9f1207", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/matrix-org/matrix-rust-sdk/commit/ce3b67f801446387972ff120e907ca828a9f1207" }, { "name": "https://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-base-0.14.1", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-base-0.14.1" } ], "source": { "advisory": "GHSA-qhj8-q5r6-8q6j", "discovery": "UNKNOWN" }, "title": "matrix-sdk-base has panic in the `RoomMember::normalized_power_level()` method" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": 
"CVE-2025-59047", "datePublished": "2025-09-11T18:03:50.361Z", "dateReserved": "2025-09-08T16:19:26.172Z", "dateUpdated": "2025-09-11T18:22:28.636Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2025-53549
Vulnerability from cvelistv5
Published
2025-07-10 18:28
Modified
2025-07-10 19:02
Summary
Matrix Rust SDK allows SQL injection in the EventCache implementation
References
▼ | URL | Tags |
---|---|---|
https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-275g-g844-73jh | x_refsource_CONFIRM | |
https://github.com/matrix-org/matrix-rust-sdk/pull/4849 | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
matrix-org | matrix-rust-sdk |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-53549", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-07-10T19:02:17.517266Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-10T19:02:23.365Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "matrix-rust-sdk", "vendor": "matrix-org", "versions": [ { "status": "affected", "version": "\u003e= 0.11, \u003c 0.13" } ] } ], "descriptions": [ { "lang": "en", "value": "The Matrix Rust SDK is a collection of libraries that make it easier to build Matrix clients in Rust. An SQL injection vulnerability in the EventCache::find_event_with_relations method of matrix-sdk 0.11 and 0.12 allows malicious room members to execute arbitrary SQL commands in Matrix clients that directly pass relation types provided by those room members into this method, when used with the default sqlite-based store backend. Exploitation is unlikely, as no known clients currently use the API in this manner. This vulnerability is fixed in 0.13." 
} ], "metrics": [ { "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 5.2, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-10T18:28:24.373Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-275g-g844-73jh", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-275g-g844-73jh" }, { "name": "https://github.com/matrix-org/matrix-rust-sdk/pull/4849", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/matrix-org/matrix-rust-sdk/pull/4849" } ], "source": { "advisory": "GHSA-275g-g844-73jh", "discovery": "UNKNOWN" }, "title": "Matrix Rust SDK allows SQL injection in the EventCache implementation" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2025-53549", "datePublished": "2025-07-10T18:28:24.373Z", "dateReserved": "2025-07-02T15:15:11.516Z", "dateUpdated": "2025-07-10T19:02:23.365Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-52813
Vulnerability from cvelistv5
Published
2025-01-07 15:25
Modified
2025-01-07 17:11
Summary
matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity
References
▼ | URL | Tags |
---|---|---|
https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-r5vf-wf4h-82gg | x_refsource_CONFIRM | |
https://github.com/matrix-org/matrix-rust-sdk/pull/3795 | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
matrix-org | matrix-rust-sdk |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-52813", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-07T17:11:25.802232Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-07T17:11:35.476Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "matrix-rust-sdk", "vendor": "matrix-org", "versions": [ { "status": "affected", "version": "\u003c 0.8.0" } ] } ], "descriptions": [ { "lang": "en", "value": "matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user\u0027s cryptographic identity has changed from a verified to an unverified one, which could cause client applications relying on the SDK to overlook such changes. matrix-sdk-crypto 0.8.0 adds a new VerificationLevel::VerificationViolation enum variant which indicates that a previously verified identity has been changed." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-223", "description": "CWE-223: Omission of Security-relevant Information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-07T15:25:47.794Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-r5vf-wf4h-82gg", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-r5vf-wf4h-82gg" }, { "name": "https://github.com/matrix-org/matrix-rust-sdk/pull/3795", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/matrix-org/matrix-rust-sdk/pull/3795" } ], "source": { "advisory": "GHSA-r5vf-wf4h-82gg", "discovery": "UNKNOWN" }, "title": "matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-52813", "datePublished": "2025-01-07T15:25:47.794Z", "dateReserved": "2024-11-15T17:11:13.444Z", "dateUpdated": "2025-01-07T17:11:35.476Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2025-48937
Vulnerability from cvelistv5
Published
2025-06-10 15:32
Modified
2025-06-10 15:46
Summary
matrix-sdk-crypto vulnerable to sender of encrypted events being spoofed by homeserver administrator
References
Impacted products
▼ | Vendor | Product |
---|---|---|
matrix-org | matrix-rust-sdk |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-48937", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-10T15:46:10.128770Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-10T15:46:22.358Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "matrix-rust-sdk", "vendor": "matrix-org", "versions": [ { "status": "affected", "version": "\u003e= 0.8.0, \u003c 0.11.1" } ] } ], "descriptions": [ { "lang": "en", "value": "matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. matrix-sdk-crypto since version 0.8.0 and up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those events appear to the recipient as if they were sent by another user. This vulnerability is fixed in 0.11.1 and 0.12.0." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-290", "description": "CWE-290: Authentication Bypass by Spoofing", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-10T15:32:00.822Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-x958-rvg6-956w", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-x958-rvg6-956w" }, { "name": "https://github.com/matrix-org/matrix-rust-sdk/commit/13c1d2048286bbabf5e7bc6b015aafee98f04d55", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/matrix-org/matrix-rust-sdk/commit/13c1d2048286bbabf5e7bc6b015aafee98f04d55" }, { "name": "https://github.com/matrix-org/matrix-rust-sdk/commit/56980745b4f27f7dc72ac296e6aa003e5d92a75b", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/matrix-org/matrix-rust-sdk/commit/56980745b4f27f7dc72ac296e6aa003e5d92a75b" }, { "name": "https://spec.matrix.org/v1.14/client-server-api/#mmegolmv1aes-sha2", "tags": [ "x_refsource_MISC" ], "url": "https://spec.matrix.org/v1.14/client-server-api/#mmegolmv1aes-sha2" } ], "source": { "advisory": "GHSA-x958-rvg6-956w", "discovery": "UNKNOWN" }, "title": "matrix-sdk-crypto vulnerable to sender of encrypted events being spoofed by homeserver administrator" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2025-48937", "datePublished": "2025-06-10T15:32:00.822Z", 
"dateReserved": "2025-05-28T18:49:07.578Z", "dateUpdated": "2025-06-10T15:46:22.358Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }