CNNVD-202507-1387 Information
CNNVD ID
CNNVD-202507-1387
Related CVE
- CNNVD Published: 2025-07-10
Description (Chinese)
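Matrix Rust SDK is an open-source, Rust-based Matrix client-server development toolkit from The Matrix.org Foundation. Matrix Rust SDK versions 0.11 and 0.12 contain an SQL injection vulnerability, which stems from SQL injection in the EventCache::find_event_with_relations method and may lead to the execution of arbitrary SQL commands.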
Description (English)
Matrix Rust SDK is an open-source, Rust-based Matrix client-server development toolkit from The Matrix.org Foundation. Versions 0.11 and 0.12 of Matrix Rust SDK contain an SQL injection vulnerability, which originates from SQL injection in the EventCache::find_event_with_relations method and may result in the execution of arbitrary SQL commands.
Hazard Level
Medium
Vulnerability Type
SQL injection
Affected Vendor
The Matrix.org Foundation
Published
2025-07-10
Last Modified
2026-02-24
References
https://github.com/matrix-org/matrix-rust-sdk/pull/4849
https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-275g-g844-73jh
https://nvd.nist.gov/vuln/detail/CVE-2025-53549
https://access.redhat.com/security/cve/cve-2025-53549
Patch
https://github.com/matrix-org/matrix-rust-sdk/releases