CVE-2025-30355

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-30355
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-30355.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-30355
Published
2025-03-27T00:59:27Z
Modified
2025-10-14T14:35:23Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Summary
Synapse vulnerable to federation denial of service via malformed events
Details

Synapse is an open-source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse versions up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known workarounds are available.

Affected packages

Git /

Affected ranges

Database specific

{
    "unresolved_versions": [
        {
            "events": [
                {
                    "introduced": "0"
                },
                {
                    "fixed": "1.127.1"
                }
            ],
            "type": ""
        }
    ]
}