CVE-2025-59160: matrix-js-sdk has insufficient validation when considering a room to be upgraded by another
matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated attacker-supplied room.
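To make the weakness in the description concrete, here is an added example in plain JavaScript (not matrix-js-sdk code; the actual fix is in the linked commit). It assumes the Matrix room-upgrade model, where the new room's m.room.create content carries a `predecessor.room_id` and the old room's m.room.tombstone content carries `replacement_room`, and it uses constructed sample rooms to contrast a check that trusts the successor's own claim with one that also requires the old room to point back.

```javascript
// Added illustration (not matrix-js-sdk code). Rooms are keyed by room id and
// carry only the two state-event contents that matter for room upgrades:
//   create.predecessor.room_id  - set on the NEW room, names the old room
//   tombstone.replacement_room  - set on the OLD room, names the new room
// All sample data below is constructed for this example.
const SAMPLE_ROOMS = {
  "!old:example.org": {
    create: {},
    tombstone: { replacement_room: "!new:example.org" },
  },
  "!new:example.org": {
    create: { predecessor: { room_id: "!old:example.org" } },
    tombstone: null,
  },
  // Unrelated room whose creator merely claims "!old" as its predecessor.
  // Nothing in "!old" points back at it.
  "!unrelated:example.org": {
    create: { predecessor: { room_id: "!old:example.org" } },
    tombstone: null,
  },
};

// Weak rule: a room is an upgrade of oldId if it says so in its own create
// event. Any room creator can make that claim, so oldId can be "replaced"
// by a room its admins never tombstoned.
function isUpgradeOfWeak(rooms, candidateId, oldId) {
  return rooms[candidateId]?.create?.predecessor?.room_id === oldId;
}

// Hardened rule: the claim must be confirmed by the old room itself, i.e. its
// tombstone (sendable only by the old room's admins) names the candidate.
function isUpgradeOfStrict(rooms, candidateId, oldId) {
  if (!isUpgradeOfWeak(rooms, candidateId, oldId)) return false;
  const tombstone = rooms[oldId]?.tombstone;
  return Boolean(tombstone) && tombstone.replacement_room === candidateId;
}

// Sorted ids of rooms accepted as upgrades of oldId under the given rule.
function acceptedUpgrades(rooms, oldId, rule) {
  return Object.keys(rooms)
    .filter((id) => id !== oldId && rule(rooms, id, oldId))
    .sort();
}

console.log("weak:  ", acceptedUpgrades(SAMPLE_ROOMS, "!old:example.org", isUpgradeOfWeak));
console.log("strict:", acceptedUpgrades(SAMPLE_ROOMS, "!old:example.org", isUpgradeOfStrict));
```

Under the weak rule the unrelated room is accepted alongside the genuine successor; under the strict rule only the room named by the old room's tombstone is.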
References
- github.com/advisories/GHSA-mp7c-m3rh-r56v
- github.com/matrix-org/matrix-js-sdk
- github.com/matrix-org/matrix-js-sdk/commit/43c72d5bf5e2d0a26b3b4f71092e7cb39d4137c4
- github.com/matrix-org/matrix-js-sdk/releases/tag/v38.2.0
- github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-mp7c-m3rh-r56v
- nvd.nist.gov/vuln/detail/CVE-2025-59160
- www.npmjs.com/package/matrix-js-sdk/v/38.2.0
Detect and mitigate CVE-2025-59160 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning.