CVE-2025-59047

N/A Unknown
Published: September 11, 2025 Modified: April 15, 2026
View on NVD

Description

matrix-sdk-base is the base component to build a Matrix client library. In matrix-sdk-base before 0.14.1, calling the `RoomMember::normalized_power_level()` method can cause a panic if a room member has a power level of `Int::Min`. The issue is fixed in matrix-sdk-base 0.14.1. The affected method isn’t used internally, so avoiding calling `RoomMember::normalized_power_level()` prevents the panic.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/matrix-org/matrix-rust-sdk/commit/ce3b67f801446387972ff120e907ca828a9f1207
Source: security-advisories@github.com
https://github.com/matrix-org/matrix-rust-sdk/pull/5635
Source: security-advisories@github.com
https://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-base-0.14.1
Source: security-advisories@github.com
https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-qhj8-q5r6-8q6j
Source: security-advisories@github.com

4 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.1%
24th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-682

Related CVEs

CVE-2025-71256 7.5
CVE-2025-71255 7.5
CVE-2025-71254 7.5
CVE-2025-71253 7.5
CVE-2025-71252 7.5