Vulnerability details: VCID-tu1c-47c3-p7cq
Vulnerability ID VCID-tu1c-47c3-p7cq
Aliases CVE-2025-59160
GHSA-mp7c-m3rh-r56v
Summary: matrix-js-sdk has insufficient validation when considering a room to be upgraded by another

Impact: matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in `MatrixClient::getJoinedRooms`, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated attacker-supplied room.

Patches: The issue has been patched and users should upgrade to 38.2.0.

Workarounds: Avoid using `MatrixClient::getJoinedRooms` in favour of `getRooms()` and filtering upgraded rooms separately.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
System | Score | Found at
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2025-59160
epss 0.00064 https://api.first.org/data/v1/epss?cve=CVE-2025-59160
cvssv3.1_qr LOW https://github.com/advisories/GHSA-mp7c-m3rh-r56v
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-mp7c-m3rh-r56v
generic_textual LOW https://github.com/matrix-org/matrix-js-sdk
generic_textual MODERATE https://github.com/matrix-org/matrix-js-sdk
cvssv4 2.7 https://github.com/matrix-org/matrix-js-sdk/commit/43c72d5bf5e2d0a26b3b4f71092e7cb39d4137c4
generic_textual LOW https://github.com/matrix-org/matrix-js-sdk/commit/43c72d5bf5e2d0a26b3b4f71092e7cb39d4137c4
generic_textual MODERATE https://github.com/matrix-org/matrix-js-sdk/commit/43c72d5bf5e2d0a26b3b4f71092e7cb39d4137c4
ssvc Track https://github.com/matrix-org/matrix-js-sdk/commit/43c72d5bf5e2d0a26b3b4f71092e7cb39d4137c4
generic_textual MODERATE https://github.com/matrix-org/matrix-js-sdk/releases/tag/v38.2.0
cvssv3.1_qr LOW https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-mp7c-m3rh-r56v
cvssv3.1_qr MODERATE https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-mp7c-m3rh-r56v
cvssv4 2.7 https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-mp7c-m3rh-r56v
generic_textual LOW https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-mp7c-m3rh-r56v
generic_textual MODERATE https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-mp7c-m3rh-r56v
ssvc Track https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-mp7c-m3rh-r56v
generic_textual LOW https://nvd.nist.gov/vuln/detail/CVE-2025-59160
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2025-59160
generic_textual MODERATE https://www.npmjs.com/package/matrix-js-sdk/v/38.2.0
No exploits are available.
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U Found at https://github.com/matrix-org/matrix-js-sdk/commit/43c72d5bf5e2d0a26b3b4f71092e7cb39d4137c4
Attack Vector (AV): network
Attack Complexity (AC): low
Attack Requirements (AT): none
Privileges Required (PR): none
User Interaction (UI): none
Vulnerable System Impact Confidentiality (VC): none
Vulnerable System Impact Integrity (VI): low
Vulnerable System Impact Availability (VA): none
Subsequent System Impact Confidentiality (SC): none
Subsequent System Impact Integrity (SI): none
Subsequent System Impact Availability (SA): none
Exploit Maturity (E): unreported

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-16T17:29:36Z/ Found at https://github.com/matrix-org/matrix-js-sdk/commit/43c72d5bf5e2d0a26b3b4f71092e7cb39d4137c4
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U Found at https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-mp7c-m3rh-r56v
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-16T17:29:36Z/ Found at https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-mp7c-m3rh-r56v
Exploit Prediction Scoring System (EPSS)
Percentile 0.14818
EPSS Score 0.00049
Published At Sept. 19, 2025, 12:55 p.m.
Date | Actor | Action | Source | VulnerableCode Version
2025-09-17T00:59:50.108428+00:00 | GithubOSV Importer | Import | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/09/GHSA-mp7c-m3rh-r56v/GHSA-mp7c-m3rh-r56v.json | 37.0.0