CVE-2025-59047

EPSS 0.12%

matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method

Published: 9/11/2025Modified: 9/11/2025

Also known as:GHSA-qhj8-q5r6-8q6jRUSTSEC-2025-0000RUSTSEC-2025-0065

Description

In matrix-sdk-base before 0.14.1, calling the `RoomMember::normalized_power_level()` method can cause a panic if a room member has a power level of `Int::Min`.

Affected packages (3)

crates.io/matrix-sdk-basefrom 0, < 0.14.1
crates.io/matrix-sdk-base>= 0.0.0-0, < 0.14.1
crates.io/matrix-sdk-base>= 0.0.0-0, < 0.14.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

References (9)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-59047
ADVISORYhttps://rustsec.org/advisories/RUSTSEC-2025-0000.html
PATCHhttps://crates.io/crates/matrix-sdk-base
PATCHhttps://github.com/matrix-org/matrix-rust-sdk
WEBhttps://github.com/matrix-org/matrix-rust-sdk/commit/ce3b67f801446387972ff120e907ca828a9f1207
WEBhttps://github.com/matrix-org/matrix-rust-sdk/pull/5635
WEBhttps://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-base-0.14.1
WEBhttps://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-qhj8-q5r6-8q6j
WEBhttps://rustsec.org/advisories/RUSTSEC-2025-0065.html