Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2025-59160

UNKNOWN
Published 2025-09-16T16:37:54.185Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2025-59160. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated attacker-supplied room. The issue has been patched and users should upgrade to 38.2.0. A workaround is to avoid using MatrixClient::getJoinedRooms in favor of getRooms() and filtering upgraded rooms separately.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

matrix-org

matrix-js-sdk

Affected Versions:

< 38.2.0

EU Vulnerability Database

Monitored by ENISA for EU cybersecurity

EU Coordination

Not EU Coordinated

Exploitation Status

No Known Exploitation

EUVD ID

View on ENISA

ENISA Analysis

matrix-js-sdk has insufficient validation when considering a room to be upgraded by another

Affected Products (ENISA)

matrix-org
matrix-js-sdk

ENISA Scoring

CVSS Score (4.0)

2.7
/10
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U

EPSS Score

0.050
probability

ENISA References

https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-mp7c-m3rh-r56v
https://github.com/matrix-org/matrix-js-sdk/commit/43c72d5bf5e2d0a26b3b4f71092e7cb39d4137c4
https://nvd.nist.gov/vuln/detail/CVE-2025-59160

Data provided by ENISA EU Vulnerability Database. Last updated: September 16, 2025

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed LOW

matrix-js-sdk has insufficient validation when considering a room to be upgraded by another

GHSA-mp7c-m3rh-r56v

Advisory Details

### Impact matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in `MatrixClient::getJoinedRooms`, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated attacker-supplied room. ### Patches The issue has been patched and users should upgrade to 38.2.0. ### Workarounds Avoid using `MatrixClient::getJoinedRooms` in favour of `getRooms()` and filtering upgraded rooms separately.

Affected Packages

npm matrix-js-sdk
ECOSYSTEM: ≥0 <38.2.0

CVSS Scoring

CVSS Score

2.5

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U

References

WEB https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-mp7c-m3rh-r56v
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-59160
WEB https://github.com/matrix-org/matrix-js-sdk/commit/43c72d5bf5e2d0a26b3b4f71092e7cb39d4137c4
PACKAGE https://github.com/matrix-org/matrix-js-sdk

Advisory provided by GitHub Security Advisory Database. Published: September 16, 2025, Modified: September 16, 2025

References

https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-mp7c-m3rh-r56v
https://github.com/matrix-org/matrix-js-sdk/commit/43c72d5bf5e2d0a26b3b4f71092e7cb39d4137c4
Published: 2025-09-16T16:37:54.185Z
Last Modified: 2025-09-16T18:26:33.217Z
Copied to clipboard!