#VU106284 Input validation error in Synapse - CVE-2025-30355

 


Published: March 31, 2025


Vulnerability identifier: #VU106284
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2025-30355
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: The vulnerability is being exploited in the wild
Vulnerable software: Synapse
Software vendor: Matrix.org

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote user can pass specially crafted events to the application and prevent it from federating with other servers.

Note: the vulnerability is being exploited in the wild.


Remediation

Install updates from the vendor's website.
