Vulnerability in Matrix-org Matrix-rust-sdk
CVE-2025-66622
matrix-sdk-base is the base component to build a Matrix client library. Versions 0.14.1 and prior are unable to handle responses that include custom m.room.join_rules values due to a serialization bug. This can be exploited to cause a deni…
EPSS: 0.001 (17.8th percentile)
Affected products
- Matrix-org Matrix-rust-sdk — versions < 0.16.0
Weakness classification (CWE)
References
- https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-jj6p-3m75-g2p3 (x_refsource_CONFIRM)
- https://github.com/matrix-org/matrix-rust-sdk/pull/5924 (x_refsource_MISC)
- https://github.com/matrix-org/matrix-rust-sdk/commit/4ea0418abefab2aa93f8851a4d39c723e703e6b0 (x_refsource_MISC)
- https://rustsec.org/advisories/RUSTSEC-2025-0135.html (x_refsource_MISC)