Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-30355

Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known workarounds are available.

Published

2025-03-27T01:15:12.500

Last Modified

2025-08-26T19:24:45.283

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.1 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-20
  • Type: Primary
    NVD-CWE-noinfo
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application matrix synapse < 1.127.1 Yes
References