CVE-2025-59047

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-59047
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-59047.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-59047
Aliases
Published
2025-09-11T18:03:50.361Z
Modified
2026-04-10T05:31:45.897334Z
Severity
  • 2.7 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U CVSS Calculator
Summary
matrix-sdk-base has panic in the `RoomMember::normalized_power_level()` method
Details

matrix-sdk-base is the base component to build a Matrix client library. In matrix-sdk-base before 0.14.1, calling the RoomMember::normalized_power_level() method can cause a panic if a room member has a power level of Int::Min. The issue is fixed in matrix-sdk-base 0.14.1. The affected method isn’t used internally, so avoiding calling RoomMember::normalized_power_level() prevents the panic.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/59xxx/CVE-2025-59047.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-682"
    ]
}
References

Affected packages

Git / github.com/matrix-org/matrix-rust-sdk

Affected ranges

Type
GIT
Repo
https://github.com/matrix-org/matrix-rust-sdk
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
5ef3ecac8c63d2373d8e45a47807769e602ebd89

Affected versions

0.*
0.1.0
0.7.0
matrix-qrcode-0.*
matrix-qrcode-0.2.0
matrix-sdk-0.*
matrix-sdk-0.10.0
matrix-sdk-0.11.0
matrix-sdk-0.12.0
matrix-sdk-0.13.0
matrix-sdk-0.14.0
matrix-sdk-0.4.0
matrix-sdk-0.4.1
matrix-sdk-0.8.0
matrix-sdk-0.9.0
matrix-sdk-base-0.*
matrix-sdk-base-0.10.0
matrix-sdk-base-0.11.0
matrix-sdk-base-0.12.0
matrix-sdk-base-0.13.0
matrix-sdk-base-0.14.0
matrix-sdk-base-0.4.0
matrix-sdk-base-0.4.1
matrix-sdk-base-0.8.0
matrix-sdk-base-0.9.0
matrix-sdk-common-0.*
matrix-sdk-common-0.10.0
matrix-sdk-common-0.11.0
matrix-sdk-common-0.12.0
matrix-sdk-common-0.13.0
matrix-sdk-common-0.14.0
matrix-sdk-common-0.4.0
matrix-sdk-common-0.4.1
matrix-sdk-common-0.8.0
matrix-sdk-common-0.9.0
matrix-sdk-crypto-0.*
matrix-sdk-crypto-0.10.0
matrix-sdk-crypto-0.11.0
matrix-sdk-crypto-0.12.0
matrix-sdk-crypto-0.13.0
matrix-sdk-crypto-0.14.0
matrix-sdk-crypto-0.4.0
matrix-sdk-crypto-0.4.1
matrix-sdk-crypto-0.8.0
matrix-sdk-crypto-0.9.0
matrix-sdk-crypto-ffi-0.*
matrix-sdk-crypto-ffi-0.1.0
matrix-sdk-crypto-ffi-0.1.1
matrix-sdk-crypto-ffi-0.1.10
matrix-sdk-crypto-ffi-0.1.2
matrix-sdk-crypto-ffi-0.1.3
matrix-sdk-crypto-ffi-0.1.4
matrix-sdk-crypto-ffi-0.1.5
matrix-sdk-crypto-ffi-0.1.6
matrix-sdk-crypto-ffi-0.1.7
matrix-sdk-crypto-ffi-0.1.8
matrix-sdk-crypto-ffi-0.1.9
matrix-sdk-crypto-ffi-0.11.0
matrix-sdk-crypto-ffi-0.2.0
matrix-sdk-crypto-ffi-0.2.1
matrix-sdk-crypto-ffi-0.3.0
matrix-sdk-crypto-ffi-0.3.1
matrix-sdk-crypto-ffi-0.3.10
matrix-sdk-crypto-ffi-0.3.11
matrix-sdk-crypto-ffi-0.3.12
matrix-sdk-crypto-ffi-0.3.13
matrix-sdk-crypto-ffi-0.3.2
matrix-sdk-crypto-ffi-0.3.4
matrix-sdk-crypto-ffi-0.3.5
matrix-sdk-crypto-ffi-0.3.7
matrix-sdk-crypto-ffi-0.3.8
matrix-sdk-crypto-ffi-0.3.9
matrix-sdk-crypto-ffi-0.4.0
matrix-sdk-crypto-ffi-0.4.1
matrix-sdk-crypto-ffi-0.4.2
matrix-sdk-crypto-ffi-0.4.3
matrix-sdk-crypto-js-v0.*
matrix-sdk-crypto-js-v0.1.0-alpha.0
matrix-sdk-crypto-js-v0.1.0-alpha.1
matrix-sdk-crypto-js-v0.1.0-alpha.2
matrix-sdk-crypto-js-v0.1.0-alpha.4
matrix-sdk-ffi-0.*
matrix-sdk-ffi-0.11.0
matrix-sdk-ffi-0.12.0
matrix-sdk-ffi-0.13.0
matrix-sdk-ffi-0.14.0
Other
matrix-sdk-ffi/20240618
matrix-sdk-ffi/20240704
matrix-sdk-ffi/20240722
matrix-sdk-ffi/20240813
matrix-sdk-ffi/20240827
matrix-sdk-ffi/20240904
matrix-sdk-ffi/20240911
matrix-sdk-ffi/20240913
matrix-sdk-ffi/20240918
matrix-sdk-ffi/20240924
matrix-sdk-ffi/20241008
matrix-sdk-ffi/20241024
matrix-sdk-ffi/20241107
matrix-sdk-ffi/20241127
matrix-sdk-ffi/20241203
matrix-sdk-ffi/20241204
matrix-sdk-ffi/20250131
matrix-sdk-ffi/20250225
matrix-sdk-ffi/20250306
matrix-sdk-ffi/20250320
matrix-sdk-ffi/20250325
matrix-sdk-ffi/20250408
matrix-sdk-ffi/20250422
matrix-sdk-ffi/20250506
matrix-sdk-ffi/20250507
matrix-sdk-ffi/20250521
matrix-sdk-ffi/20250603
matrix-sdk-ffi/20250618
matrix-sdk-ffi/20250701
matrix-sdk-ffi/20250702
matrix-sdk-ffi/20250715
matrix-sdk-ffi/20250728
matrix-sdk-ffi/20250826
matrix-sdk-ffi/20250909
matrix-sdk-ffi/20252502
matrix-sdk-indexeddb-0.*
matrix-sdk-indexeddb-0.10.0
matrix-sdk-indexeddb-0.11.0
matrix-sdk-indexeddb-0.12.0
matrix-sdk-indexeddb-0.13.0
matrix-sdk-indexeddb-0.14.0
matrix-sdk-indexeddb-0.8.0
matrix-sdk-indexeddb-0.9.0
matrix-sdk-qrcode-0.*
matrix-sdk-qrcode-0.10.0
matrix-sdk-qrcode-0.11.0
matrix-sdk-qrcode-0.12.0
matrix-sdk-qrcode-0.13.0
matrix-sdk-qrcode-0.14.0
matrix-sdk-qrcode-0.8.0
matrix-sdk-qrcode-0.9.0
matrix-sdk-search-0.*
matrix-sdk-search-0.14.0
matrix-sdk-sqlite-0.*
matrix-sdk-sqlite-0.10.0
matrix-sdk-sqlite-0.11.0
matrix-sdk-sqlite-0.12.0
matrix-sdk-sqlite-0.13.0
matrix-sdk-sqlite-0.14.0
matrix-sdk-sqlite-0.8.0
matrix-sdk-sqlite-0.9.0
matrix-sdk-store-encryption-0.*
matrix-sdk-store-encryption-0.10.0
matrix-sdk-store-encryption-0.11.0
matrix-sdk-store-encryption-0.12.0
matrix-sdk-store-encryption-0.13.0
matrix-sdk-store-encryption-0.14.0
matrix-sdk-store-encryption-0.8.0
matrix-sdk-store-encryption-0.9.0
matrix-sdk-test-0.*
matrix-sdk-test-0.10.0
matrix-sdk-test-0.11.0
matrix-sdk-test-0.12.0
matrix-sdk-test-0.13.0
matrix-sdk-test-0.14.0
matrix-sdk-test-0.4.0
matrix-sdk-test-macros-0.*
matrix-sdk-test-macros-0.10.0
matrix-sdk-test-macros-0.11.0
matrix-sdk-test-macros-0.12.0
matrix-sdk-test-macros-0.13.0
matrix-sdk-test-macros-0.14.0
matrix-sdk-test-utils-0.*
matrix-sdk-test-utils-0.14.0
matrix-sdk-ui-0.*
matrix-sdk-ui-0.10.0
matrix-sdk-ui-0.11.0
matrix-sdk-ui-0.12.0
matrix-sdk-ui-0.13.0
matrix-sdk-ui-0.14.0
matrix-sdk-ui-0.8.0
matrix-sdk-ui-0.9.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-59047.json"