CVE-2025-59047
BaseFortify
Publication date: 2025-09-11
Last updated on: 2025-09-15
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| matrix-org | matrix-sdk-base | < 0.14.1 (fixed in 0.14.1) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-682 | The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects the matrix-sdk-base library before version 0.14.1. Calling RoomMember::normalized_power_level() panics if the room member's power level is set to Int::MIN, the lowest value a Matrix integer can hold, because the method's calculation does not handle that edge case (CWE-682, incorrect calculation). The issue is fixed in version 0.14.1; not calling the method also avoids the panic.
How can this vulnerability impact me?
If your application or client library calls RoomMember::normalized_power_level() on a room member whose power level is Int::MIN, the call panics, which can crash the application or otherwise disrupt it. Because any room member's power level is set by room state, a value that triggers the panic can arrive from the room rather than from your own code. The SDK itself does not call this method internally, so exposure depends on whether your code does. Upgrading to version 0.14.1 or avoiding the method removes the risk.
What immediate steps should I take to mitigate this vulnerability?
Update matrix-sdk-base to version 0.14.1 or later. If you cannot upgrade yet, stop calling RoomMember::normalized_power_level() (for example, compute the normalized value yourself with arithmetic that cannot overflow) so that a room member with an extreme power level cannot trigger the panic.
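The following is an added example written for this page, not code from matrix-sdk-base or the matrix-org project. It models the computation the advisory names (scaling a member's power level against the room's highest power level into the 0..=100 range) in two variants: a hypothetical fragile one whose intermediate values must stay inside the js_int::Int range (assumed here to be the Int type the advisory's Int::MIN refers to; the page does not state which operation in the affected version actually fails), and a total one that cannot panic for any input. The function names, the JS_INT_MIN/JS_INT_MAX constants and the sample inputs are all constructed for this example.

```rust
// Added example (not matrix-sdk-base code): a model of the "scale a power
// level to 0..=100" computation, in a fragile and a panic-free variant.
// Assumption: the `Int` in the advisory is js_int::Int, whose range is the
// JavaScript safe-integer range mirrored by the two constants below.

/// JavaScript's Number.MAX_SAFE_INTEGER: the largest magnitude a Matrix
/// (JSON) integer may have.
const JS_INT_MAX: i64 = (1 << 53) - 1;
const JS_INT_MIN: i64 = -JS_INT_MAX;

/// Returns `Some(v)` only if `v` is representable as a Matrix integer.
fn as_js_int(v: i64) -> Option<i64> {
    (JS_INT_MIN..=JS_INT_MAX).contains(&v).then_some(v)
}

/// Hypothetical fragile variant: scales `power_level` to a percentage of
/// `max_power_level`, but requires every intermediate to stay within the
/// Matrix integer range. `JS_INT_MIN * 100` leaves that range, so the lowest
/// possible power level is rejected; a caller that unwraps this result would
/// panic, which is the failure mode the advisory describes.
fn fragile_normalize(power_level: i64, max_power_level: i64) -> Result<i64, String> {
    if max_power_level <= 0 {
        return Ok(power_level);
    }
    let scaled = power_level
        .checked_mul(100)
        .and_then(as_js_int)
        .ok_or_else(|| format!("power level {power_level} * 100 is out of range"))?;
    Ok(scaled / max_power_level)
}

/// Total (panic-free) variant: widen to i128 so no product of two i64 values
/// can overflow, then clamp to the documented 0..=100 range. Works for every
/// i64 input, including JS_INT_MIN and i64::MIN.
fn safe_normalize(power_level: i64, max_power_level: i64) -> i64 {
    let pl = i128::from(power_level);
    let max = i128::from(max_power_level);
    let scaled = if max > 0 { pl * 100 / max } else { pl };
    // The clamped value lies in 0..=100, so narrowing back to i64 cannot truncate.
    scaled.clamp(0, 100) as i64
}

fn main() {
    // Constructed sample inputs: (member power level, highest level in the room).
    let samples = [(50, 100), (100, 100), (150, 100), (JS_INT_MIN, 100), (i64::MIN, 100)];
    for (pl, max) in samples {
        println!(
            "pl={pl:>20} max={max:>4} fragile={:?} safe={}",
            fragile_normalize(pl, max),
            safe_normalize(pl, max)
        );
    }
}
```

Running the block shows the fragile variant returning an error for JS_INT_MIN (and for i64::MIN, where even the i64 multiplication overflows) while the total variant returns 0 for both and 50, 100, 100 for the ordinary inputs. If you need normalized power levels before you can upgrade, a helper like safe_normalize is the shape of the workaround the advisory suggests: it replaces the library call with arithmetic that has no failing case, and your own tests should include the extreme values explicitly.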