QwikSec

Security Database

CVE

CWE

Training

CVE-2025-66622

Published: Dec 9, 2025

Modified: Dec 9, 2025

PUBLISHED

Description

matrix-sdk-base is the base component to build a Matrix client library. Versions 0.14.1 and prior are unable to handle responses that include custom m.room.join_rules values due to a serialization bug. This can be exploited to cause a denial-of-service condition, if a user is invited to a room with non-standard join rules, the crate's sync process will stall, preventing further processing for all rooms. This is fixed in version 0.16.0.

Vendor	Product	Versions
matrix-org	matrix-rust-sdk	affected `< 0.16.0`

Weaknesses (CWE)

References

https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-jj6p-3m75-g2p3

x_refsource_CONFIRM

https://github.com/matrix-org/matrix-rust-sdk/pull/5924

x_refsource_MISC

https://github.com/matrix-org/matrix-rust-sdk/commit/4ea0418abefab2aa93f8851a4d39c723e703e6b0

x_refsource_MISC

https://rustsec.org/advisories/RUSTSEC-2025-0135.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.