Vulnerability Description
Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated attacker-supplied room. The issue has been patched and users should upgrade to 38.2.0. A workaround is to avoid using MatrixClient::getJoinedRooms in favor of getRooms() and filtering upgraded rooms separately.
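The weakness described above comes down to trusting the wrong side of a room-upgrade link. A Matrix upgrade leaves two links: the old room carries an m.room.tombstone event whose replacement_room names the new room, and the new room's m.room.create event carries a predecessor.room_id pointing back. Only the tombstone is authored inside the old room by someone with power there; the predecessor field is written by whoever creates the new room, so any remote user can create a room that "claims" an arbitrary predecessor. The following is an added illustration, not matrix-js-sdk code and not the patch itself: it contrasts a filter that walks predecessor links only with one that requires the link to hold in both directions, and it implements the page's workaround of starting from the full room list and filtering upgraded rooms separately. The room model, function names (makeRoom, findSuccessorUnsafe, findSuccessorValidated, visibleRoomsUnsafe, visibleRooms) and room IDs are constructed for this example; whether the 38.2.0 fix uses exactly this check is not stated on this page.

```javascript
// Added illustration (not matrix-js-sdk code): validating room-upgrade links.
//
//   old room : m.room.tombstone  { replacement_room: <new room id> }
//   new room : m.room.create     { predecessor: { room_id: <old room id> } }
//
// Minimal room model, constructed for this example (not the SDK's Room class).
// `replacement` stands for the tombstone's replacement_room, `predecessor`
// for the create event's predecessor.room_id.
function makeRoom(roomId, { predecessor = null, replacement = null } = {}) {
  return { roomId, predecessor, replacement };
}

// Unsafe: follow the predecessor link only. Whichever room names `oldId` as
// its predecessor is accepted as the upgrade target, attacker rooms included.
function findSuccessorUnsafe(rooms, oldId) {
  return rooms.find((r) => r.predecessor === oldId) || null;
}

// Validated: the old room's own tombstone must name the candidate, and the
// candidate's create event must point back at the old room. A one-way claim
// is ignored. If the tombstone's target is not in the room list we cannot
// verify it, so we conservatively report no successor.
function findSuccessorValidated(rooms, oldId) {
  const byId = new Map(rooms.map((r) => [r.roomId, r]));
  const old = byId.get(oldId);
  if (!old || !old.replacement) return null;
  const candidate = byId.get(old.replacement);
  if (!candidate || candidate.predecessor !== oldId) return null;
  return candidate;
}

// Unsafe visibility filter: hide every room that some other room claims as
// its predecessor. An attacker-created room can make a victim's room vanish.
function visibleRoomsUnsafe(rooms) {
  return rooms.filter((r) => findSuccessorUnsafe(rooms, r.roomId) === null);
}

// Workaround shape from the advisory: take the full list (getRooms() in the
// SDK) and hide a room only when its successor link passes the two-way check.
function visibleRooms(rooms) {
  return rooms.filter((r) => findSuccessorValidated(rooms, r.roomId) === null);
}

// Constructed scenario. Sync order is arbitrary, so the attacker's room is
// listed before the genuine successor to show the unsafe lookup picking it.
const SAMPLE_ROOMS = [
  makeRoom("!old:example.org", { replacement: "!new:example.org" }),
  makeRoom("!evil:attacker.example", { predecessor: "!old:example.org" }),
  makeRoom("!new:example.org", { predecessor: "!old:example.org" }),
  makeRoom("!victim:example.org"), // never upgraded, no tombstone
  makeRoom("!hijack:attacker.example", { predecessor: "!victim:example.org" }),
];

const ids = (rooms) => rooms.map((r) => r.roomId);

console.log("unsafe successor of !old   :", findSuccessorUnsafe(SAMPLE_ROOMS, "!old:example.org")?.roomId);
console.log("validated successor of !old:", findSuccessorValidated(SAMPLE_ROOMS, "!old:example.org")?.roomId);
console.log("unsafe visible rooms       :", ids(visibleRoomsUnsafe(SAMPLE_ROOMS)));
console.log("validated visible rooms    :", ids(visibleRooms(SAMPLE_ROOMS)));
```

The unsafe lookup resolves !old to the attacker's room and hides the never-upgraded !victim room entirely, because !hijack merely claims it as a predecessor; the validated versions resolve !old to !new and leave !victim visible. When the tombstone points at a room the client has not joined, the validated filter keeps the old room visible rather than trusting an unverifiable link, which is the conservative failure mode to prefer.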
Related Weaknesses (CWE)
References
- https://github.com/matrix-org/matrix-js-sdk/commit/43c72d5bf5e2d0a26b3b4f71092e7
- https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-mp7c-m3rh-r
FAQ
What is CVE-2025-59160?
CVE-2025-59160 is a vulnerability in matrix-js-sdk, the Matrix Client-Server SDK for JavaScript and TypeScript. Versions before 38.2.0 have insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated attacker-supplied room.
How severe is CVE-2025-59160?
CVSS scoring is not yet available for CVE-2025-59160. Check NVD for updates.
Is there a patch for CVE-2025-59160?
Yes. The issue is fixed in matrix-js-sdk 38.2.0; upgrade to that version or later. If you cannot upgrade immediately, avoid MatrixClient::getJoinedRooms and use getRooms() instead, filtering upgraded rooms separately. The GitHub advisory and fix commit in the references section above carry the upstream details.