
Description

Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse versions up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known workarounds are available.

PUBLISHED Reserved 2025-03-21 | Published 2025-03-27 | Updated 2025-03-27 | Assigner GitHub_M




HIGH: 7.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H)

Problem types

CWE-20: Improper Input Validation

Product status

< 1.127.1: affected

References

github.com/...ynapse/security/advisories/GHSA-v56r-hwv5-mxg6

github.com/...ommit/2277df2a1eb685f85040ef98fa21d41aa4cdd389

github.com/element-hq/synapse/releases/tag/v1.127.1

cve.org (CVE-2025-30355)

nvd.nist.gov (CVE-2025-30355)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.