Vulnerability Details CVE-2025-66622
matrix-sdk-base is the base component to build a Matrix client library. Versions 0.14.1 and prior are unable to handle responses that include custom m.room.join_rules values due to a serialization bug. This can be exploited to cause a denial-of-service condition, if a user is invited to a room with non-standard join rules, the crate's sync process will stall, preventing further processing for all rooms. This is fixed in version 0.16.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 16.9%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2025-66622
-
cpe:2.3:a:matrix:matrix-rust-sdk:0.4.0
-
cpe:2.3:a:matrix:matrix-rust-sdk:0.4.1
-
cpe:2.3:a:matrix:matrix-rust-sdk:0.5.0
-
cpe:2.3:a:matrix:matrix-rust-sdk:0.6.0
-
cpe:2.3:a:matrix:matrix-rust-sdk:0.6.1
-
cpe:2.3:a:matrix:matrix-rust-sdk:0.6.2