Home > Vulnerability Database > CVE-2025-24024

Mend.io Vulnerability Database

CVE-2025-24024

Date: January 21, 2025

Mjolnir is a moderation tool for Matrix. Mjolnir v1.9.0 responds to management commands from any room the bot is member of. This can allow users who aren't operators of the bot to use the bot's functions, including server administration components if enabled. Version 1.9.1 reverts the feature that introduced the bug, and version 1.9.2 reintroduces the feature safely. Downgrading to version 1.8.3 is recommended if upgrading to 1.9.1 or higher isn't possible.

Severity Score

9.1

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-24024

Url: https://github.com/matrix-org/mjolnir/security/advisories/GHSA-3jq6-xc85-m394

Url: https://github.com/matrix-org/mjolnir/commit/d0ef527a9e3eb45e17143d5295a64b775ccaa23d

Url: https://github.com/matrix-org/mjolnir/commit/b437fa16b5425985715df861987c836affd51eea

Url: https://www.mend.io/vulnerability-database/CVE-2025-24024

Severity Score

9.1

Weakness Type (CWE)

Lack of Administrator Control over Security

CWE-671

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-24024

Date: January 21, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?