CVE-2025-48937 – matrix-sdk-crypto

Package

Manager: cargo
Name: matrix-sdk-crypto
Vulnerable Version: >=0.8.0 <0.11.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00037 pctl0.09706

Details

matrix-sdk-crypto vulnerable to sender of encrypted events being spoofed by homeserver administrator ### Summary matrix-sdk-crypto since version 0.8.0 up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those events appear to the recipient as if they were sent by another user. Although the CVSS score is 4.9 (AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N), we consider this a High Severity security issue. ### Details The Matrix specification [requires](https://spec.matrix.org/v1.14/client-server-api/#mmegolmv1aes-sha2) that clients ensure that "the event’s `sender`, `room_id`, and the recorded `session_id` match a trusted session". The vulnerable matrix-sdk-crypto versions check that the `room_id` matches that of the session denoted by `session_id`, but do not check the `sender`. ### Patches The issue is resolved by [13c1d20](https://github.com/matrix-org/matrix-rust-sdk/commit/13c1d2048286bbabf5e7bc6b015aafee98f04d55), included in versions 0.11.1 and 0.12.0 of matrix-sdk-crypto. ### Workarounds Since a successful attack requires administrator access to the homeserver, users who trust the administrators of their local homeserver are not affected. ### References * https://spec.matrix.org/v1.14/client-server-api/#mmegolmv1aes-sha2

Metadata

Created: 2025-06-10T20:15:37Z
Modified: 2025-06-12T21:23:37Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-x958-rvg6-956w/GHSA-x958-rvg6-956w.json
CWE IDs: ["CWE-290"]
Alternative ID: GHSA-x958-rvg6-956w
Finding: F032
Auto approve: 1