In matrix-sdk-base before 0.14.1, calling the `RoomMember::normalized_power_level()` method can cause a panic if a room member has a power level of `Int::Min`.

### Patches
The issue is fixed in matrix-sdk-base 0.14.1.

### Workarounds
The affected method isn’t used internally, so avoiding calling `RoomMember::normalized_power_level()` prevents the panic.

Affected Packages

crates.io matrix-sdk-base

Affected versions: 0 (fixed in 0.14.1)

Related CVEs

CVE-2025-59047

Key Information

GHSA ID

GHSA-qhj8-q5r6-8q6j

Published

September 11, 2025 9:23 PM

Last Modified

September 11, 2025 9:23 PM

CVSS Score

2.5 /10

Primary Ecosystem

crates.io

Primary Package

matrix-sdk-base

GitHub Reviewed

✓ Yes

Dataset

Last updated: September 18, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.