CNNVD-202510-2291 Information

CNNVD ID

CNNVD-202510-2291

CVE-2025-62425

  • CNNVD Published: 2025-10-16

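Description (translated from Chinese)

Matrix Authentication Service is an open-source user management and authentication system from Element. Matrix Authentication Service versions 0.20.0 through 1.4.0 contain a security vulnerability that stems from a logic flaw, which may allow an attacker with access to an authenticated MAS session to perform sensitive operations without entering the current password.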

Description (English)

Matrix Authentication Service is an open-source user management and authentication system from Element. Versions 0.20.0 through 1.4.0 of Matrix Authentication Service contain a security vulnerability that stems from a logic flaw, which may allow an attacker with access to an authenticated MAS session to perform sensitive operations without entering the current password.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Element

Published

2025-10-16

Last Modified

2026-02-24

References

  • https://github.com/element-hq/matrix-authentication-service/commit/bce99edb6177be11f8f38c1d01f5606ce7b4b2e5
  • https://github.com/element-hq/matrix-authentication-service/security/advisories/GHSA-6wfp-jq3r-j9xh
  • https://access.redhat.com/security/cve/cve-2025-62425

Patch

https://github.com/element-hq/matrix-authentication-service/releases
