matrix-sdk-base Room Member Power Level Panic Vulnerability

Vulnerability

matrix-sdk-base versions prior to 0.14.1 contain a panic vulnerability. Calling the RoomMember::normalized_power_level() method for a room member whose power level is Int::Min can cause a runtime panic. Version 0.14.1 and later are not affected.

Impact

Exploitation of this vulnerability causes a runtime panic, which can disrupt the normal operation of the application by causing a crash or unexpected termination.

Remediation

Users can upgrade to matrix-sdk-base version 0.14.1 or later to address this vulnerability. The issue can also be avoided by not calling the RoomMember::normalized_power_level() method, as it is not used internally in the application.
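A check for both remediation paths above, added here as an example and not taken from the advisory or the matrix-sdk project: it flags locked matrix-sdk-base versions older than 0.14.1 and lists call sites of normalized_power_level(). The function names and the sample Cargo.lock and Rust snippets are constructed for illustration, and the scan assumes the usual Cargo.lock layout in which "version" follows "name" inside each [[package]] entry.

```python
import re

PACKAGE = "matrix-sdk-base"   # crate named in the advisory
FIXED = (0, 14, 1, 1)         # 0.14.1; last field 1 = final release, 0 = pre-release
PKG_BLOCK = re.compile(r'\[\[package\]\]\s*\nname = "([^"]+)"\s*\nversion = "([^"]+)"')
CALL = re.compile(r"(?:\.|::)\s*normalized_power_level\s*\(")

# Constructed sample inputs (not taken from any real project).
SAMPLE_LOCK = '''\
[[package]]
name = "matrix-sdk"
version = "0.14.0"

[[package]]
name = "matrix-sdk-base"
version = "0.14.0"
'''
SAMPLE_SRC = '''\
fn show(member: &RoomMember) {
    // member.normalized_power_level() can panic before 0.14.1
    let level = member.normalized_power_level();
    let _ = level;
}
'''

def version_key(version):
    """Turn '0.14.1-rc.1' into a sortable tuple; pre-releases sort below the release."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    return (int(m[1]), int(m[2]), int(m[3]), 0 if m[4] else 1)

def affected_versions(cargo_lock_text):
    """Return every locked matrix-sdk-base version older than 0.14.1."""
    return [ver for name, ver in PKG_BLOCK.findall(cargo_lock_text)
            if name == PACKAGE and version_key(ver) < FIXED]

def call_sites(rust_source):
    """Return 1-based line numbers calling normalized_power_level(), ignoring // comments."""
    hits = []
    for lineno, line in enumerate(rust_source.splitlines(), start=1):
        if CALL.search(line.split("//", 1)[0]):
            hits.append(lineno)
    return hits

if __name__ == "__main__":
    print("affected versions:", affected_versions(SAMPLE_LOCK))
    print("call sites on lines:", call_sites(SAMPLE_SRC))
```

The call-site scan is a plain text match, so it only covers your own source files and will not see calls made from inside other dependencies.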

Added: Sep 11, 2025, 6:53 PM
Updated: Sep 11, 2025, 6:53 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.1
remediation: 0.0
relevance: 0.5
threat: 3.2
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.