SQL Injection in Matrix-org Matrix-rust-sdk
CVE-2025-53549
The Matrix Rust SDK is a collection of libraries that make it easier to build Matrix clients in Rust. An SQL injection vulnerability in the EventCache::find_event_with_relations method of matrix-sdk 0.11 and 0.12 allows malicious room memb…
Vulnerability class: SQL Injection
EPSS: 0.002 (38.4th percentile)
Affected products
- Matrix-org Matrix-rust-sdk — versions >= 0.11, < 0.13
Weakness classification (CWE)
References
- https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-275g-g844-73jh (x_refsource_CONFIRM)
- https://github.com/matrix-org/matrix-rust-sdk/pull/4849 (x_refsource_MISC)