Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2025-59047

UNKNOWN
Published Unknown
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2025-59047. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

matrix-sdk-base is the base component to build a Matrix client library. In matrix-sdk-base before 0.14.1, calling the `RoomMember::normalized_power_level()` method can cause a panic if a room member has a power level of `Int::Min`. The issue is fixed in matrix-sdk-base 0.14.1. The affected method isn’t used internally, so avoiding calling `RoomMember::normalized_power_level()` prevents the panic.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

EU Vulnerability Database

Monitored by ENISA for EU cybersecurity

EU Coordination

Not EU Coordinated

Exploitation Status

No Known Exploitation

EUVD ID

View on ENISA

ENISA Analysis

matrix-sdk-base is the base component to build a Matrix client library. In matrix-sdk-base before 0.14.1, calling the `RoomMember::normalized_power_level()` method can cause a panic if a room member has a power level of `Int::Min`. The issue is fixed in matrix-sdk-base 0.14.1. The affected method isn’t used internally, so avoiding calling `RoomMember::normalized_power_level()` prevents the panic.

Affected Products (ENISA)

matrix-org
matrix-rust-sdk

ENISA Scoring

CVSS Score (4.0)

2.7
/10
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

EPSS Score

0.060
probability

ENISA References

https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-qhj8-q5r6-8q6j
https://github.com/matrix-org/matrix-rust-sdk/pull/5635
https://github.com/matrix-org/matrix-rust-sdk/commit/ce3b67f801446387972ff120e907ca828a9f1207
https://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-base-0.14.1

Data provided by ENISA EU Vulnerability Database. Last updated: September 11, 2025

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed LOW

matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method

GHSA-qhj8-q5r6-8q6j

Advisory Details

In matrix-sdk-base before 0.14.1, calling the `RoomMember::normalized_power_level()` method can cause a panic if a room member has a power level of `Int::Min`. ### Patches The issue is fixed in matrix-sdk-base 0.14.1. ### Workarounds The affected method isn’t used internally, so avoiding calling `RoomMember::normalized_power_level()` prevents the panic.

Affected Packages

crates.io matrix-sdk-base
ECOSYSTEM: ≥0 <0.14.1

CVSS Scoring

CVSS Score

2.5

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

References

WEB https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-qhj8-q5r6-8q6j
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-59047
WEB https://github.com/matrix-org/matrix-rust-sdk/pull/5635
WEB https://github.com/matrix-org/matrix-rust-sdk/commit/ce3b67f801446387972ff120e907ca828a9f1207
PACKAGE https://github.com/matrix-org/matrix-rust-sdk
WEB https://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-base-0.14.1
WEB https://rustsec.org/advisories/RUSTSEC-2025-0065.html

Advisory provided by GitHub Security Advisory Database. Published: September 11, 2025, Modified: September 11, 2025

Published: Unknown
Last Modified: Unknown
Copied to clipboard!