matrix-appservice-irc Arbitrary IRC Command Execution Vulnerability

Vulnerability

A vulnerability in matrix-appservice-irc, the Node.js IRC bridge for Matrix, in versions prior to 3.0.4 allows arbitrary IRC commands to be executed as the puppeted user. Exploitation is limited to commands executed under the user's own IRC identity.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of IRC commands, potentially allowing for manipulation of IRC interactions or environments as the affected user.

Remediation

Users can upgrade to matrix-appservice-irc version 3.0.4 or later to address this vulnerability.
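
One way to check a deployment against the fixed version named above, added here as an example and not taken from the advisory or the project's code. It assumes the bridge was installed with npm and that a parsed package-lock.json is available; the function names and the sample lockfile objects are constructed for illustration.

```javascript
// Added example: flag matrix-appservice-irc installs below the fixed release (3.0.4, from the advisory).
const PKG = 'matrix-appservice-irc';
const FIXED = '3.0.4';

// Parse "MAJOR.MINOR.PATCH[-prerelease][+build]" into comparable parts.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+.*)?$/.exec(String(v).trim());
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] || null };
}

// True when the version is below the fixed release. A prerelease of the fixed
// version (for example 3.0.4-rc.1) sorts before it, so it is still flagged.
// Unparseable versions are flagged so they get a manual look.
function isVulnerable(version, fixed = FIXED) {
  const a = parseVersion(version), b = parseVersion(fixed);
  if (!a || !b) return true;
  for (let i = 0; i < 3; i++) {
    if (a.nums[i] !== b.nums[i]) return a.nums[i] < b.nums[i];
  }
  return a.pre !== null && b.pre === null;
}

// Walk an npm lockfile object and collect every resolved copy of the package.
// Covers lockfileVersion 2/3 ("packages", keyed by path) and 1 (nested "dependencies").
function findInstalls(lock) {
  const hits = [];
  for (const [path, info] of Object.entries(lock.packages || {})) {
    if (path === `node_modules/${PKG}` || path.endsWith(`/node_modules/${PKG}`)) {
      hits.push({ where: path, version: info.version });
    }
  }
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const where = `${trail}>${name}`;
      if (name === PKG) hits.push({ where, version: info.version });
      walk(info.dependencies, where);
    }
  };
  if (!lock.packages) walk(lock.dependencies, 'root');
  return hits.map(h => ({ ...h, vulnerable: isVulnerable(h.version) }));
}

// Constructed sample lockfiles (not from a real deployment).
const sampleV3 = { lockfileVersion: 3, packages: {
  'node_modules/matrix-appservice-irc': { version: '3.0.3' } } };
const sampleV1 = { lockfileVersion: 1, dependencies: {
  wrapper: { version: '1.0.0', dependencies: { 'matrix-appservice-irc': { version: '3.0.4' } } } } };
console.log(findInstalls(sampleV3), findInstalls(sampleV1));
```

Nested copies pulled in by another package are reported as well, since a patched top-level install does not update them.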

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.8
impact: 0.6
exploitability: 5.9
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.