CVE-2025-30355
- Source
- https://cve.org/CVERecord?id=CVE-2025-30355
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-30355.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-30355
- Aliases
- Downstream
- Related
- Published
- 2025-03-27T00:59:27.996Z
- Modified
- 2026-04-10T05:24:46.263978Z
- Severity
-
- 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVSS Calculator
- Summary
- Synapse vulnerable to federation denial of service via malformed events
- Details
-
Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known workarounds are available.
- Database specific
{ "cna_assigner": "GitHub_M", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/30xxx/CVE-2025-30355.json", "cwe_ids": [ "CWE-20" ] }- References
-
- https://github.com/element-hq/synapse/releases/tag/v1.127.1
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/30xxx/CVE-2025-30355.json
- https://github.com/element-hq/synapse/security/advisories/GHSA-v56r-hwv5-mxg6
- https://nvd.nist.gov/vuln/detail/CVE-2025-30355
- https://github.com/element-hq/synapse/commit/2277df2a1eb685f85040ef98fa21d41aa4cdd389
Affected packages
Git / github.com/element-hq/synapse
Affected ranges
- Type
- GIT
- Repo
- https://github.com/element-hq/synapse
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/element-hq/synapse
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
hhs-1
hhs-2
hhs-3
hhs-5
hhs-6
hhs-7
hhs-8
v0.*
v0.10.0
v0.10.0-r1
v0.10.0-r2
v0.11.0
v0.11.0-r1
v0.11.0-r2
v0.11.1
v0.12.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.16.0
v0.16.1
v0.16.1-r1
v0.17.0
v0.17.1
v0.17.2
v0.17.3
v0.18.0
v0.18.1
v0.18.2
v0.18.3
v0.18.4
v0.18.5
v0.2.0
v0.2.1
v0.2.1a
v0.2.2
v0.23.0-rc1
v0.23.0-rc2
v0.25.0-rc1
v0.28.0-rc1
v0.3.0
v0.3.3
v0.3.4
v0.32.0
v0.32.0rc1
v0.32.2
v0.4.1
v0.4.2
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.3a
v0.5.3b
v0.5.3c
v0.5.4
v0.5.4a
v0.6.0
v0.6.0a
v0.6.0b
v0.6.1
v0.6.1a
v0.6.1b
v0.6.1c
v0.6.1d
v0.6.1e
v0.6.1f
v0.7.0
v0.7.0a
v0.7.0b
v0.7.0c
v0.7.0d
v0.7.0e
v0.7.0f
v0.7.1
v0.7.1-r1
v0.7.1-r2
v0.7.1-r3
v0.7.1-r4
v0.8.0
v0.8.1
v0.8.1-r1
v0.8.1-r2
v0.8.1-r3
v0.8.1-r4
v0.9.0
v0.9.0-r1
v0.9.0-r2
v0.9.0-r3
v0.9.0-r4
v0.9.0-r5
v0.9.1
v0.9.2
v0.9.2-r1
v0.9.2-r2
v0.9.3
v0.99.1rc1
v0.99.2rc1
v0.99.4rc1
v0.99.5.1.dev0
v1.*
v1.1.0rc1
v1.1.0rc2
v1.10.0rc1
v1.100.0rc1
v1.100.0rc2
v1.100.0rc3
v1.101.0rc1
v1.103.0rc1
v1.104.0rc1
v1.105.0rc1
v1.106.0rc1
v1.11.0rc1
v1.111.0rc1
v1.112.0rc1
v1.114.0rc1
v1.115.0rc1
v1.116.0rc1
v1.12.0rc1
v1.121.0rc1
v1.123.0rc1
v1.124.0rc1
v1.126.0rc1
v1.126.0rc2
v1.126.0rc3
v1.127.0
v1.127.0rc1
v1.14.0rc1
v1.15.0rc1
v1.16.0rc1
v1.17.0rc1
v1.18.0rc1
v1.23.0rc1
v1.24.0rc1
v1.27.0rc1
v1.29.0rc1
v1.3.0rc1
v1.30.0rc1
v1.31.0rc1
v1.32.0rc1
v1.34.0rc1
v1.35.0rc1
v1.36.0rc1
v1.4.0rc1
v1.40.0rc1
v1.49.0rc1
v1.5.0rc1
v1.52.0rc1
v1.6.0rc1
v1.62.0rc1
v1.63.0rc1
v1.75.0rc1
v1.76.0rc1
v1.78.0rc1
v1.79.0rc1
v1.8.0rc1
v1.81.0rc1
v1.84.0rc1
v1.87.0rc1
v1.88.0rc1
v1.9.0.dev1
v1.9.0.dev2
v1.9.0rc1
v1.90.0rc1
v1.94.0rc1
v1.95.0rc1
v1.98.0rc1
v1.99.0rc1