CVE-2025-66622
📋 TL;DR
A serialization bug in matrix-sdk-base versions 0.14.1 and earlier causes denial-of-service when processing rooms with non-standard join rules. If a user is invited to such a room, the sync process stalls, preventing further processing for all rooms. This affects any application using the vulnerable matrix-rust-sdk library.
💻 Affected Systems
- matrix-rust-sdk
- matrix-sdk-base
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete denial-of-service for all Matrix client functionality, rendering the client unusable until the problematic room invitation is removed or the client is restarted.
Likely Case
Temporary service disruption affecting sync operations until the client is restarted or the problematic invitation is handled manually.
If Mitigated
Minimal impact if proper monitoring and restart procedures are in place to detect and recover from sync stalls.
🎯 Exploit Status
Exploitation requires sending a room invitation with custom join rules to a target user, which any authenticated Matrix user can do. No special privileges needed beyond standard messaging capabilities.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.16.0
Vendor Advisory: https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-jj6p-3m75-g2p3
Restart Required: Yes
Instructions:
1. Update Cargo.toml to require matrix-sdk-base >= 0.16.0
2. Run 'cargo update' to fetch the new version
3. Rebuild and redeploy your application
4. Restart any running instances
🔧 Temporary Workarounds
Reject all room invitations
Configure the client to automatically reject all room invitations to prevent exploitation
# Configure in client settings or implement invitation rejection logic
Monitor and restart on sync stall
Implement monitoring for sync process stalls and automatically restart the client
# Implement health checks and restart logic in your application
🧯 If You Can't Patch
- Implement strict access controls on who can send room invitations
- Monitor application logs for sync stalls and manually intervene when detected
🔍 How to Verify
Check if Vulnerable:
Check Cargo.lock or run 'cargo tree | grep matrix-sdk-base' to see the installed version
Check Version:
grep -A 1 'name = "matrix-sdk-base"' Cargo.lock
Verify Fix Applied:
Verify matrix-sdk-base version is 0.16.0 or higher in Cargo.lock after update
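The following script is an added example, not part of the advisory or of the matrix-rust-sdk project. It reads the pinned matrix-sdk-base version out of a Cargo.lock and compares it component by component against the fixed release 0.16.0, which is more reliable than eyeballing grep output: Cargo.lock also lists the crate name inside other packages' dependency arrays, so a bare grep tends to hit one of those lines first. The Cargo.lock contents in the demo are constructed.

```shell
#!/bin/sh
# Added example (not from the advisory or matrix-rust-sdk): check whether the
# matrix-sdk-base pinned in a Cargo.lock is at or above the fixed version.

FIXED_VERSION="0.16.0"   # patch version given in the advisory

# Print the version of package $1 from the Cargo.lock at $2.
# Cargo.lock entries look like:
#   [[package]]
#   name = "matrix-sdk-base"
#   version = "0.14.1"
# Only the first matching [[package]] entry is reported.
lock_version() {
    awk -v pkg="$1" '
        /^\[\[package\]\]/ { name = ""; next }
        /^name = /    { gsub(/"/, "", $3); name = $3; next }
        /^version = / { if (name == pkg) { gsub(/"/, "", $3); print $3; exit } }
    ' "$2"
}

# Return 0 when dotted version $1 >= $2, comparing numerically per component.
# Pre-release suffixes such as "-beta.1" are ignored (they compare as 0).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, pa, "."); nb = split(b, pb, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = (i <= na) ? pa[i] + 0 : 0
            y = (i <= nb) ? pb[i] + 0 : 0
            if (x > y) exit 0
            if (x < y) exit 1
        }
        exit 0
    }'
}

# Print a verdict for the Cargo.lock at $1: "absent", "fixed <ver>" or
# "vulnerable <ver>". Exit status is 2 for vulnerable so CI can fail on it.
check_lockfile() {
    ver=$(lock_version "matrix-sdk-base" "$1")
    if [ -z "$ver" ]; then
        echo "absent"
        return 0
    fi
    if version_ge "$ver" "$FIXED_VERSION"; then
        echo "fixed $ver"
        return 0
    fi
    echo "vulnerable $ver"
    return 2
}

# Stand-alone demo on a constructed Cargo.lock (not a real project's lock file).
# Note the dependency entry under "matrix-sdk" that a plain grep would hit first.
demo_lock=$(mktemp)
cat > "$demo_lock" <<'EOF'
[[package]]
name = "matrix-sdk"
version = "0.14.1"
dependencies = [
 "matrix-sdk-base",
]

[[package]]
name = "matrix-sdk-base"
version = "0.14.1"
EOF
check_lockfile "$demo_lock" || echo "update matrix-sdk-base to >= $FIXED_VERSION"
rm -f "$demo_lock"
```

Run it from the project root after `cargo update` as well: a `fixed 0.16.0` (or higher) verdict confirms the patched crate actually landed in the lock file rather than only in Cargo.toml.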
📡 Detection & Monitoring
Log Indicators:
- Sync process stalling or hanging
- Repeated errors when processing room invitations
- Increased memory usage without progress
Network Indicators:
- Unusual patterns of room invitations to targeted users
- Sudden drop in Matrix sync traffic from affected clients
SIEM Query:
source="matrix-client" ("sync stalled" OR "join_rules error" OR "serialization error")
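The script below is an added example serving both the "Monitor and restart on sync stall" workaround above and this detection section; it is not code from the advisory or from matrix-rust-sdk. It assumes a client log in which every line starts with an epoch timestamp and each completed sync loop iteration is logged as "sync completed" (a constructed format, since the page does not specify one), flags the client as stalled when no sync has completed within a threshold, and counts the indicator strings from the SIEM query. The log lines in the demo are constructed.

```shell
#!/bin/sh
# Added example (not from the advisory or matrix-rust-sdk): detect a stalled
# sync loop from client logs and count the advisory's log indicators.
# Assumed (constructed) log format: "<epoch> <LEVEL> <message>"; a healthy
# client writes a "sync completed" line after every sync loop iteration.

STALL_THRESHOLD=300   # seconds without a completed sync before we call it stalled

# Print the epoch timestamp of the last "sync completed" line in log $1.
last_sync_epoch() {
    awk '/sync completed/ { last = $1 } END { if (last != "") print last }' "$1"
}

# Count lines matching the indicator strings from the SIEM query.
# grep -c exits 1 when the count is zero, which is not an error here.
indicator_count() {
    grep -c -E 'sync stalled|join_rules error|serialization error' "$1" || true
}

# Classify log $1 as of epoch time $2. Prints "healthy <age>" or
# "stalled <age|none>"; returns 1 when stalled so a supervisor can act on it.
sync_status() {
    last=$(last_sync_epoch "$1")
    if [ -z "$last" ]; then
        echo "stalled none"
        return 1
    fi
    age=$(( $2 - last ))
    if [ "$age" -gt "$STALL_THRESHOLD" ]; then
        echo "stalled $age"
        return 1
    fi
    echo "healthy $age"
    return 0
}

# Stand-alone demo on constructed log lines: syncs stop after an invite
# triggers a serialization error, so 440 s later the client is flagged.
demo_log=$(mktemp)
cat > "$demo_log" <<'EOF'
1700000000 INFO sync completed next_batch=s1
1700000060 INFO sync completed next_batch=s2
1700000075 WARN serialization error while processing invited room
1700000080 ERROR sync stalled
EOF
echo "indicator lines: $(indicator_count "$demo_log")"
if ! sync_status "$demo_log" 1700000500; then
    echo "action: restart the client process and investigate pending invites"
fi
rm -f "$demo_log"
```

Wired into a cron job or a supervisor's health check (with the current time from `date +%s` as the second argument), a non-zero exit from `sync_status` is the trigger for the automatic restart the workaround describes; the indicator count tells you whether the stall coincided with invitation processing errors, which is the pattern this advisory is about.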