CNNVD-202510-1143 Information
CNNVD ID
CNNVD-202510-1143
Related CVE
- CNNVD Published: 2025-10-08
Description (Chinese)
synapse是Element开源的一个矩阵主服务器。 synapse 1.138.3之前版本和1.139.0版本存在安全漏洞,该漏洞源于缺少设备密钥验证,可能导致联盟功能降级。
Description (English)
Synapse is a matrix main server for the Element Open Source. There is a security loophole in the pre-synapse 1.183 and 1.139.0 versions, which stems from a lack of equipment key authentication and may lead to a downgrading of the coalition function.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Element
Published
2025-10-08
Last Modified
2026-02-24
References
https://github.com/element-hq/synapse/commit/26aaaf9e48fff80cf67a20c691c75d670034b3c1 https://github.com/element-hq/synapse/releases/tag/v1.139.1 https://github.com/element-hq/synapse/commit/7069636c2d6d1ef2022287addf3ed8b919ef2740 https://github.com/element-hq/synapse/security/advisories/GHSA-fh66-fcv5-jjfr https://github.com/element-hq/synapse/releases/tag/v1.138.3 https://github.com/element-hq/synapse/pull/17097 https://access.redhat.com/security/cve/cve-2025-61672
Patch
https://github.com/matrix-org/synapse/releases
Share on: