CVE-2025-66622
BaseFortify
Publication date: 2025-12-09
Last updated on: 2026-03-17
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| matrix | matrix-rust-sdk | < 0.16.0 (0.16.0 excluded) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-755 | The product does not handle or incorrectly handles an exceptional condition. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in matrix-sdk-base versions 0.14.1 and prior, where the software cannot properly handle responses containing custom m.room.join_rules values due to a serialization bug. If a user is invited to a room with non-standard join rules, the synchronization process stalls, causing a denial-of-service condition that prevents further processing for all rooms.
How can this vulnerability impact me?
This vulnerability can cause a denial-of-service condition in the matrix-sdk-base client library. Specifically, if a user is invited to a room with non-standard join rules, the synchronization process will stall and stop processing updates for all rooms, potentially disrupting normal application functionality.
What immediate steps should I take to mitigate this vulnerability?
Upgrade matrix-sdk-base to version 0.16.0 or later, as this version fixes the serialization bug causing the denial-of-service condition.
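The following Rust program is an added illustration of the CWE-755 pattern the Q&A above describes; it is not matrix-rust-sdk code and does not reproduce the SDK's actual serialization logic. The `JoinRule` enum, the two parsers, the `sync_strict`/`sync_tolerant` loops and the room IDs are all hypothetical and constructed here. It shows why one unrecognised `join_rule` value in a single invited room can abort processing for every room in the batch when the exceptional value is propagated instead of handled, and how a catch-all variant keeps the rest of the sync moving.

```rust
// Added illustration (not matrix-rust-sdk code): an unhandled unknown
// `join_rule` value stalls a whole sync batch; handling it as a Custom
// variant (CWE-755 fix) lets the other rooms be processed.
use std::collections::BTreeMap;

/// Join rules from the Matrix spec plus a catch-all for namespaced custom values.
#[derive(Debug, Clone, PartialEq)]
enum JoinRule {
    Public,
    Invite,
    Knock,
    Restricted,
    /// Any value the client does not recognise is preserved rather than rejected.
    Custom(String),
}

#[derive(Debug)]
struct ParseError(String);

/// Strict parser: rejects anything outside the known set (the failure mode).
fn parse_join_rule_strict(raw: &str) -> Result<JoinRule, ParseError> {
    match raw {
        "public" => Ok(JoinRule::Public),
        "invite" => Ok(JoinRule::Invite),
        "knock" => Ok(JoinRule::Knock),
        "restricted" => Ok(JoinRule::Restricted),
        other => Err(ParseError(format!("unknown join_rule {other:?}"))),
    }
}

/// Tolerant parser: maps unknown values to `Custom` so the exceptional case is handled.
fn parse_join_rule_tolerant(raw: &str) -> JoinRule {
    parse_join_rule_strict(raw).unwrap_or_else(|_| JoinRule::Custom(raw.to_string()))
}

/// Vulnerable-style sync over (room id, raw join_rule) pairs: the first error
/// aborts the whole batch, so no room's state gets updated.
fn sync_strict(batch: &[(&str, &str)]) -> Result<BTreeMap<String, JoinRule>, ParseError> {
    let mut state = BTreeMap::new();
    for (room, raw) in batch {
        let rule = parse_join_rule_strict(raw)?; // `?` propagates and stalls everything
        state.insert(room.to_string(), rule);
    }
    Ok(state)
}

/// Hardened sync: every room is processed; unknown values are kept as Custom.
fn sync_tolerant(batch: &[(&str, &str)]) -> BTreeMap<String, JoinRule> {
    batch
        .iter()
        .map(|(room, raw)| (room.to_string(), parse_join_rule_tolerant(raw)))
        .collect()
}

/// Constructed sample: two ordinary invites and one with a namespaced custom rule.
fn sample_batch() -> Vec<(&'static str, &'static str)> {
    vec![
        ("!a:example.org", "invite"),
        ("!b:example.org", "org.example.custom_rule"),
        ("!c:example.org", "public"),
    ]
}

fn main() {
    let batch = sample_batch();
    match sync_strict(&batch) {
        Ok(s) => println!("strict: {} rooms processed", s.len()),
        Err(e) => println!("strict: sync stalled, 0 rooms processed: {}", e.0),
    }
    let s = sync_tolerant(&batch);
    println!("tolerant: {} rooms processed, room b = {:?}", s.len(), s["!b:example.org"]);
}
```

The defender's takeaway is the same regardless of the real SDK's internals: values received from a remote server that are valid under the protocol but unknown to the client must be an expected case, and a per-room failure must never be allowed to propagate into the loop that serves every other room.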