Vulnerability Description
matrix-sdk-base is the base component to build a Matrix client library. In matrix-sdk-base before 0.14.1, calling the `RoomMember::normalized_power_level()` method can cause a panic if a room member has a power level of `Int::Min`. The issue is fixed in matrix-sdk-base 0.14.1. The affected method isn’t used internally, so avoiding calling `RoomMember::normalized_power_level()` prevents the panic.
Related Weaknesses (CWE)
References
- https://github.com/matrix-org/matrix-rust-sdk/commit/ce3b67f801446387972ff120e90
- https://github.com/matrix-org/matrix-rust-sdk/pull/5635
- https://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-base-0.14.
- https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-qhj8-q5r6
FAQ
What is CVE-2025-59047?
CVE-2025-59047 is a documented vulnerability. matrix-sdk-base is the base component to build a Matrix client library. In matrix-sdk-base before 0.14.1, calling the `RoomMember::normalized_power_level()` method can cause a panic if a room member h...
How severe is CVE-2025-59047?
CVSS scoring is not yet available for CVE-2025-59047. Check NVD for updates.
Is there a patch for CVE-2025-59047?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.