Risk | High |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2025-30355 |
CWE-ID | CWE-20 |
Exploitation vector | Network |
Public exploit | This vulnerability is being exploited in the wild. |
Vulnerable software | Fedora (Operating systems & Components / Operating system); matrix-synapse (Operating systems & Components / Operating system package or component) |
Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains one high risk vulnerability.
EUVDB-ID: #VU106284
Risk: High
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-30355
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote user can pass specially crafted events to the application and prevent it from federating with other servers.
Note, the vulnerability is being exploited in the wild.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
Fedora: 42
matrix-synapse: before 1.127.1-1.fc42
https://bodhi.fedoraproject.org/updates/FEDORA-2025-63751ef564
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.