
We found results for “”
CVE-2025-30355
Good to know:

Date: March 26, 2025
Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known workarounds are available.
Severity Score
Related Resources (6)
Severity Score
Weakness Type (CWE)
Improper Input Validation
CWE-20Top Fix

Upgrade Version
Upgrade to version matrix-synapse - 1.127.1;matrix-synapse - 1.127.1;https://github.com/element-hq/synapse.git - v1.127.1
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | LOW |
Availability (A): | HIGH |