CVE-2025-66622
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-66622
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-66622.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-66622
- Aliases
- Published
- 2025-12-09T02:07:18.831Z
- Modified
- 2025-12-11T12:15:02.494106Z
- Severity
-
- 1.3 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U CVSS Calculator
- Summary
- matrix-sdk-base is vulnerable to DoS via custom m.room.join_rules event values
- Details
-
matrix-sdk-base is the base component to build a Matrix client library. Versions 0.14.1 and prior are unable to handle responses that include custom m.room.join_rules values due to a serialization bug. This can be exploited to cause a denial-of-service condition, if a user is invited to a room with non-standard join rules, the crate's sync process will stall, preventing further processing for all rooms. This is fixed in version 0.16.0.
- Database specific
{ "cwe_ids": [ "CWE-755" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/66xxx/CVE-2025-66622.json", "cna_assigner": "GitHub_M" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/66xxx/CVE-2025-66622.json
- https://github.com/matrix-org/matrix-rust-sdk/commit/4ea0418abefab2aa93f8851a4d39c723e703e6b0
- https://github.com/matrix-org/matrix-rust-sdk/pull/5924
- https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-jj6p-3m75-g2p3
- https://nvd.nist.gov/vuln/detail/CVE-2025-66622
- https://rustsec.org/advisories/RUSTSEC-2025-0135.html
Affected packages
Git / github.com/matrix-org/matrix-rust-sdk
Affected ranges
- Type
- GIT
- Repo
- https://github.com/matrix-org/matrix-rust-sdk
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.1.0
0.2.0
0.3.0
0.7.0
0.7.1
0.7.1-qrcode
0.7.1-sqlite
0.7.2-crypto
Other
0f
matrix-sdk-ffi/20240618
matrix-sdk-ffi/20240704
matrix-sdk-ffi/20240722
matrix-sdk-ffi/20240813
matrix-sdk-ffi/20240827
matrix-sdk-ffi/20240904
matrix-sdk-ffi/20240911
matrix-sdk-ffi/20240913
matrix-sdk-ffi/20240918
matrix-sdk-ffi/20240924
matrix-sdk-ffi/20241008
matrix-sdk-ffi/20241024
matrix-sdk-ffi/20241107
matrix-sdk-ffi/20241127
matrix-sdk-ffi/20241203
matrix-sdk-ffi/20241204
matrix-sdk-ffi/20250131
matrix-sdk-ffi/20250225
matrix-sdk-ffi/20250306
matrix-sdk-ffi/20250320
matrix-sdk-ffi/20250325
matrix-sdk-ffi/20250408
matrix-sdk-ffi/20250422
matrix-sdk-ffi/20250506
matrix-sdk-ffi/20250507
matrix-sdk-ffi/20250521
matrix-sdk-ffi/20250603
matrix-sdk-ffi/20250618
matrix-sdk-ffi/20250701
matrix-sdk-ffi/20250702
matrix-sdk-ffi/20250715
matrix-sdk-ffi/20250728
matrix-sdk-ffi/20250826
matrix-sdk-ffi/20250909
matrix-sdk-ffi/20251007
matrix-sdk-ffi/20251104
matrix-sdk-ffi/20251118
matrix-sdk-ffi/20252502
sdk-ffi/20250923
matrix-qrcode-0.*
matrix-qrcode-0.2.0
matrix-sdk-0.*
matrix-sdk-0.10.0
matrix-sdk-0.11.0
matrix-sdk-0.12.0
matrix-sdk-0.13.0
matrix-sdk-0.14.0
matrix-sdk-0.4.0
matrix-sdk-0.4.1
matrix-sdk-0.5.0
matrix-sdk-0.6.0
matrix-sdk-0.8.0
matrix-sdk-0.9.0
matrix-sdk-base-0.*
matrix-sdk-base-0.10.0
matrix-sdk-base-0.11.0
matrix-sdk-base-0.12.0
matrix-sdk-base-0.13.0
matrix-sdk-base-0.14.0
matrix-sdk-base-0.14.1
matrix-sdk-base-0.4.0
matrix-sdk-base-0.4.1
matrix-sdk-base-0.5.0
matrix-sdk-base-0.5.1
matrix-sdk-base-0.6.0
matrix-sdk-base-0.8.0
matrix-sdk-base-0.9.0
matrix-sdk-common-0.*
matrix-sdk-common-0.10.0
matrix-sdk-common-0.11.0
matrix-sdk-common-0.12.0
matrix-sdk-common-0.13.0
matrix-sdk-common-0.14.0
matrix-sdk-common-0.4.0
matrix-sdk-common-0.4.1
matrix-sdk-common-0.5.0
matrix-sdk-common-0.6.0
matrix-sdk-common-0.8.0
matrix-sdk-common-0.9.0
matrix-sdk-crypto-0.*
matrix-sdk-crypto-0.10.0
matrix-sdk-crypto-0.11.0
matrix-sdk-crypto-0.11.1
matrix-sdk-crypto-0.12.0
matrix-sdk-crypto-0.13.0
matrix-sdk-crypto-0.14.0
matrix-sdk-crypto-0.4.0
matrix-sdk-crypto-0.4.1
matrix-sdk-crypto-0.5.0
matrix-sdk-crypto-0.6.0
matrix-sdk-crypto-0.8.0
matrix-sdk-crypto-0.9.0
matrix-sdk-crypto-ffi-0.*
matrix-sdk-crypto-ffi-0.1.0
matrix-sdk-crypto-ffi-0.1.1
matrix-sdk-crypto-ffi-0.1.10
matrix-sdk-crypto-ffi-0.1.2
matrix-sdk-crypto-ffi-0.1.3
matrix-sdk-crypto-ffi-0.1.4
matrix-sdk-crypto-ffi-0.1.5
matrix-sdk-crypto-ffi-0.1.6
matrix-sdk-crypto-ffi-0.1.7
matrix-sdk-crypto-ffi-0.1.8
matrix-sdk-crypto-ffi-0.1.9
matrix-sdk-crypto-ffi-0.11.0
matrix-sdk-crypto-ffi-0.11.1
matrix-sdk-crypto-ffi-0.2.0
matrix-sdk-crypto-ffi-0.2.1
matrix-sdk-crypto-ffi-0.3.0
matrix-sdk-crypto-ffi-0.3.1
matrix-sdk-crypto-ffi-0.3.10
matrix-sdk-crypto-ffi-0.3.11
matrix-sdk-crypto-ffi-0.3.12
matrix-sdk-crypto-ffi-0.3.13
matrix-sdk-crypto-ffi-0.3.2
matrix-sdk-crypto-ffi-0.3.4
matrix-sdk-crypto-ffi-0.3.5
matrix-sdk-crypto-ffi-0.3.6
matrix-sdk-crypto-ffi-0.3.7
matrix-sdk-crypto-ffi-0.3.8
matrix-sdk-crypto-ffi-0.3.9
matrix-sdk-crypto-ffi-0.4.0
matrix-sdk-crypto-ffi-0.4.1
matrix-sdk-crypto-ffi-0.4.2
matrix-sdk-crypto-ffi-0.4.3
matrix-sdk-crypto-js-0.*
matrix-sdk-crypto-js-0.1.0
matrix-sdk-crypto-js-0.1.0-alpha.10
matrix-sdk-crypto-js-0.1.0-alpha.6
matrix-sdk-crypto-js-0.1.0-alpha.8
matrix-sdk-crypto-js-0.1.0-alpha.9
matrix-sdk-crypto-js-0.1.2
matrix-sdk-crypto-js-0.1.3
matrix-sdk-crypto-js-0.1.4
matrix-sdk-crypto-js-v0.*
matrix-sdk-crypto-js-v0.1.0-alpha.0
matrix-sdk-crypto-js-v0.1.0-alpha.1
matrix-sdk-crypto-js-v0.1.0-alpha.2
matrix-sdk-crypto-js-v0.1.0-alpha.3
matrix-sdk-crypto-js-v0.1.0-alpha.4
matrix-sdk-crypto-js-v0.1.0-alpha.5
matrix-sdk-crypto-js-v0.1.0-alpha.6
matrix-sdk-crypto-nodejs-v0.*
matrix-sdk-crypto-nodejs-v0.1.0-beta.0
matrix-sdk-ffi-0.*
matrix-sdk-ffi-0.11.0
matrix-sdk-ffi-0.12.0
matrix-sdk-ffi-0.13.0
matrix-sdk-ffi-0.14.0
matrix-sdk-indexeddb-0.*
matrix-sdk-indexeddb-0.1.0
matrix-sdk-indexeddb-0.10.0
matrix-sdk-indexeddb-0.11.0
matrix-sdk-indexeddb-0.12.0
matrix-sdk-indexeddb-0.13.0
matrix-sdk-indexeddb-0.14.0
matrix-sdk-indexeddb-0.2.0
matrix-sdk-indexeddb-0.8.0
matrix-sdk-indexeddb-0.9.0
matrix-sdk-qrcode-0.*
matrix-sdk-qrcode-0.10.0
matrix-sdk-qrcode-0.11.0
matrix-sdk-qrcode-0.12.0
matrix-sdk-qrcode-0.13.0
matrix-sdk-qrcode-0.14.0
matrix-sdk-qrcode-0.3.0
matrix-sdk-qrcode-0.4.0
matrix-sdk-qrcode-0.8.0
matrix-sdk-qrcode-0.9.0
matrix-sdk-search-0.*
matrix-sdk-search-0.14.0
matrix-sdk-sled-0.*
matrix-sdk-sled-0.1.0
matrix-sdk-sled-0.2.0
matrix-sdk-sqlite-0.*
matrix-sdk-sqlite-0.10.0
matrix-sdk-sqlite-0.11.0
matrix-sdk-sqlite-0.12.0
matrix-sdk-sqlite-0.13.0
matrix-sdk-sqlite-0.14.0
matrix-sdk-sqlite-0.8.0
matrix-sdk-sqlite-0.9.0
matrix-sdk-store-encryption-0.*
matrix-sdk-store-encryption-0.1.0
matrix-sdk-store-encryption-0.10.0
matrix-sdk-store-encryption-0.11.0
matrix-sdk-store-encryption-0.12.0
matrix-sdk-store-encryption-0.13.0
matrix-sdk-store-encryption-0.14.0
matrix-sdk-store-encryption-0.2.0
matrix-sdk-store-encryption-0.8.0
matrix-sdk-store-encryption-0.9.0
matrix-sdk-test-0.*
matrix-sdk-test-0.10.0
matrix-sdk-test-0.11.0
matrix-sdk-test-0.12.0
matrix-sdk-test-0.13.0
matrix-sdk-test-0.14.0
matrix-sdk-test-0.4.0
matrix-sdk-test-0.5.0
matrix-sdk-test-0.6.0
matrix-sdk-test-macros-0.*
matrix-sdk-test-macros-0.10.0
matrix-sdk-test-macros-0.11.0
matrix-sdk-test-macros-0.12.0
matrix-sdk-test-macros-0.13.0
matrix-sdk-test-macros-0.14.0
matrix-sdk-test-macros-0.2.0
matrix-sdk-test-utils-0.*
matrix-sdk-test-utils-0.14.0
matrix-sdk-ui-0.*
matrix-sdk-ui-0.10.0
matrix-sdk-ui-0.11.0
matrix-sdk-ui-0.12.0
matrix-sdk-ui-0.13.0
matrix-sdk-ui-0.14.0
matrix-sdk-ui-0.8.0
matrix-sdk-ui-0.9.0