QwikSec

Security Database

CVE

CWE

Training

CVE-2025-59047

Published: Sep 11, 2025

Modified: Sep 11, 2025

PUBLISHED

Description

matrix-sdk-base is the base component to build a Matrix client library. In matrix-sdk-base before 0.14.1, calling the `RoomMember::normalized_power_level()` method can cause a panic if a room member has a power level of `Int::Min`. The issue is fixed in matrix-sdk-base 0.14.1. The affected method isn’t used internally, so avoiding calling `RoomMember::normalized_power_level()` prevents the panic.

Vendor	Product	Versions
matrix-org	matrix-rust-sdk	affected `< 0.14.1`

Weaknesses (CWE)

References

https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-qhj8-q5r6-8q6j

x_refsource_CONFIRM

https://github.com/matrix-org/matrix-rust-sdk/pull/5635

x_refsource_MISC

https://github.com/matrix-org/matrix-rust-sdk/commit/ce3b67f801446387972ff120e907ca828a9f1207

x_refsource_MISC

https://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-base-0.14.1

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.