Primary

Context

Matrix Specification Room Event Uniqueness Vulnerability

Vulnerability

A vulnerability exists in the Matrix specification prior to version 1.16, specifically in rooms using a version earlier than 12, due to a lack of uniqueness for create events. This deficiency could potentially allow for multiple create events to be introduced into a room, leading to unauthorized control over the room's state and permissions.

Impact

The vulnerability could disrupt room management by allowing a malicious homeserver operator to corrupt the room's state, such as by reverting access controls or membership to a previous state. This does not expose conversation history or additional data.

Remediation

Matrix servers should be upgraded to version 1.16 and rooms should be upgraded to version 12 to address this vulnerability.

Added: Oct 2, 2025, 8:04 PM

Updated: Oct 2, 2025, 8:04 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.2

remediation

7.7

relevance

0.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.2

remediation

7.7

relevance

0.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Matrix Specification Room Event Uniqueness Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating