CVE-2025-59047: matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method
In matrix-sdk-base before 0.14.1, calling the RoomMember::normalized_power_level() method can cause a panic if a room member has a power level of Int::Min.
References
- github.com/advisories/GHSA-qhj8-q5r6-8q6j
- github.com/matrix-org/matrix-rust-sdk
- github.com/matrix-org/matrix-rust-sdk/commit/ce3b67f801446387972ff120e907ca828a9f1207
- github.com/matrix-org/matrix-rust-sdk/pull/5635
- github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-base-0.14.1
- github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-qhj8-q5r6-8q6j
- nvd.nist.gov/vuln/detail/CVE-2025-59047
- rustsec.org/advisories/RUSTSEC-2025-0065.html
Code Behaviors & Features
Detect and mitigate CVE-2025-59047 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →