CVE-2025-30355 — HIGH (7.1)

Q: How severe is CVE-2025-30355?

CVE-2025-30355 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-30355?

Check the references section above for vendor advisories and patch information. Affected products include: Matrix Synapse.

Vulnerability Description

Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known workarounds are available.

CVSS Score

7.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

HIGH

Affected Products

Vendor	Product	Versions
Matrix	Synapse	< 1.127.1

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2025-30355?

CVE-2025-30355 is a vulnerability with a CVSS score of 7.1 (HIGH). Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vuln...

How severe is CVE-2025-30355?

CVE-2025-30355 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-30355?

Check the references section above for vendor advisories and patch information. Affected products include: Matrix Synapse.