CVE-2025-54315
BaseFortify
Publication date: 2025-10-02
Last updated on: 2025-10-06
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| matrix | specification | 1.16 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-837 | The product requires that an actor should only be able to perform an action once, or to have only one unique action, but the product does not enforce or improperly enforces this restriction. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Matrix specification versions before 1.16 (specifically room versions before 12) where there is a lack of create event uniqueness. This means that the system does not properly ensure that create events are unique, potentially allowing issues related to event handling or duplication.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing an attacker to exploit the lack of create event uniqueness, which could lead to integrity issues such as unauthorized or duplicated events within a Matrix room. According to the CVSS score, it has a high impact on integrity and a low impact on availability, meaning it could allow malicious modification of data or state within the system.