CVE-2025-53549

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-53549
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53549.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-53549
Aliases
Published
2025-07-10T18:28:24.373Z
Modified
2025-12-05T10:19:27.364292Z
Severity
  • 5.2 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
Summary
Matrix Rust SDK allows SQL injection in the EventCache implementation
Details

The Matrix Rust SDK is a collection of libraries that make it easier to build Matrix clients in Rust. An SQL injection vulnerability in the EventCache::find_event_with_relations method of matrix-sdk 0.11 and 0.12 allows malicious room members to execute arbitrary SQL commands in Matrix clients that pass relation types supplied by those room members directly into this method, when the default SQLite-based store backend is used. Exploitation is unlikely, as no known clients currently use the API in this manner. This vulnerability is fixed in 0.13.

Database specific
{
    "cwe_ids": [
        "CWE-89"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/53xxx/CVE-2025-53549.json"
}
References

Affected packages

Git / github.com/matrix-org/matrix-rust-sdk

Affected ranges

Type
GIT
Repo
https://github.com/matrix-org/matrix-rust-sdk
Events
Database specific
{
    "versions": [
        {
            "introduced": "0.11"
        },
        {
            "fixed": "0.13"
        }
    ]
}

Affected versions

matrix-sdk-0.*

matrix-sdk-0.11.0
matrix-sdk-0.12.0

matrix-sdk-base-0.*

matrix-sdk-base-0.11.0
matrix-sdk-base-0.12.0

matrix-sdk-common-0.*

matrix-sdk-common-0.11.0
matrix-sdk-common-0.12.0

matrix-sdk-crypto-0.*

matrix-sdk-crypto-0.11.0
matrix-sdk-crypto-0.11.1
matrix-sdk-crypto-0.12.0

matrix-sdk-crypto-ffi-0.*

matrix-sdk-crypto-ffi-0.11.0
matrix-sdk-crypto-ffi-0.11.1

matrix-sdk-ffi-0.*

matrix-sdk-ffi-0.11.0
matrix-sdk-ffi-0.12.0

Other

matrix-sdk-ffi/20250422
matrix-sdk-ffi/20250506
matrix-sdk-ffi/20250507
matrix-sdk-ffi/20250521
matrix-sdk-ffi/20250603
matrix-sdk-ffi/20250618
matrix-sdk-ffi/20250701
matrix-sdk-ffi/20250702

matrix-sdk-indexeddb-0.*

matrix-sdk-indexeddb-0.11.0
matrix-sdk-indexeddb-0.12.0

matrix-sdk-qrcode-0.*

matrix-sdk-qrcode-0.11.0
matrix-sdk-qrcode-0.12.0

matrix-sdk-sqlite-0.*

matrix-sdk-sqlite-0.11.0
matrix-sdk-sqlite-0.12.0

matrix-sdk-store-encryption-0.*

matrix-sdk-store-encryption-0.11.0
matrix-sdk-store-encryption-0.12.0

matrix-sdk-test-0.*

matrix-sdk-test-0.11.0
matrix-sdk-test-0.12.0

matrix-sdk-test-macros-0.*

matrix-sdk-test-macros-0.11.0
matrix-sdk-test-macros-0.12.0

matrix-sdk-ui-0.*

matrix-sdk-ui-0.11.0
matrix-sdk-ui-0.12.0