Home > Vulnerability Database > CVE-2025-62425

Mend.io Vulnerability Database

CVE-2025-62425

Good to know:

Date: October 16, 2025

MAS (Matrix Authentication Service) is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive operations without entering the current password. These include changing the current password, adding or removing an e-mail address and deactivating the account. The vulnerability only affects instances which have the local password database feature enabled (passwords section in the config). Patched in matrix-authentication-service 1.4.1.

Severity Score

8.3

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-62425

Url: https://github.com/element-hq/matrix-authentication-service/security/advisories/GHSA-6wfp-jq3r-j9xh

Url: https://github.com/element-hq/matrix-authentication-service/commit/bce99edb6177be11f8f38c1d01f5606ce7b4b2e5

Url: https://www.mend.io/vulnerability-database/CVE-2025-62425

Severity Score

8.3

Weakness Type (CWE)

Unverified Password Change

CWE-620

Top Fix

Upgrade Version

Upgrade to version https://github.com/element-hq/matrix-authentication-service.git - v1.4.0

Learn More

CVSS v3.1

Base Score:	8.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-62425

Good to know:

Date: October 16, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?