CNNVD-202509-2333 Information
CNNVD ID
CNNVD-202509-2333
Related CVE
- CNNVD Published: 2025-09-16
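Description (translated from Chinese)
matrix-js-sdk is an application component open-sourced by Matrix. Versions of matrix-js-sdk before 38.2.0 contain a data forgery vulnerability. It stems from insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, which may allow an attacker to replace a deprecated room with an unrelated room.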
Description (English)
matrix-js-sdk is an open-source application component from Matrix. Versions of matrix-js-sdk before 38.2.0 have a data forgery vulnerability, which stems from insufficient validation of room predecessor links in MatrixClient::getJoinedRooms and could allow attackers to replace abandoned rooms with unrelated rooms.
Hazard Level
High
Vulnerability Type
Data forgery issue
Affected Vendor
Matter Labs
Published
2025-09-16
Last Modified
2026-02-24
References
https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-mp7c-m3rh-r56v
https://github.com/matrix-org/matrix-js-sdk/commit/43c72d5bf5e2d0a26b3b4f71092e7cb39d4137c4
https://access.redhat.com/security/cve/cve-2025-59160
Patch
https://github.com/matrix-org/matrix-js-sdk/releases