
CVE-2025-48937
Good to know:

Date: June 10, 2025
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. matrix-sdk-crypto since version 0.8.0 and up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those events appear to the recipient as if they were sent by another user. This vulnerability is fixed in 0.11.1 and 0.12.0.
Weakness Type (CWE)
Authentication Bypass by Spoofing
CWE-290

Top Fix

Upgrade Version
Upgrade to version matrix-sdk-crypto - 0.11.1; https://github.com/matrix-org/matrix-rust-sdk.git - matrix-sdk-crypto-0.11.1
CVSS v3.1
| Base Score: | |
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | HIGH |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | NONE |
| Integrity (I): | HIGH |
| Availability (A): | NONE |