CVE-2025-59160Insufficient Verification of Data Authenticity in Matrix-js-sdk

CWE-345Insufficient Verification of Data AuthenticityCWE-20Improper Input ValidationCWE-862Missing Authorization6 documents5 sources
Severity
2.7LOWNVD
EPSS
0.1%
top 75.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Matrix-org Matrix-js-sdk
Timeline
PublishedSep 16

Description

Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated attacker-supplied room. The issue has been patched and users should upgrade to 38.2.0. A workaround is to avoid using MatrixClient::getJoinedRooms in favor of getRooms() and filtering upgraded rooms separately.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5matrix-org/matrix-js-sdk< 38.2.0

🔴Vulnerability Details

4
CVEList
matrix-js-sdk has insufficient validation when considering a room to be upgraded by another2025-09-16
OSV
matrix-js-sdk has insufficient validation when considering a room to be upgraded by another2025-09-16
OSV
CVE-2025-59160: Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript2025-09-16
GHSA
matrix-js-sdk has insufficient validation when considering a room to be upgraded by another2025-09-16

📋Vendor Advisories

1
Debian
CVE-2025-59160: node-matrix-js-sdk - Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScrip...2025
CVE-2025-59160 — Matrix-org Matrix-js-sdk vulnerability | cvebase