matrix-sdk-base is the base component to build a Matrix client library. Versions 0.14.1 and prior are unable to handle responses that include custom m.room.join_rules values due to a serialization bug. This can be exploited to cause a denial-of-service condition, if a user is invited to a room with non-standard join rules, the crate's sync process will stall, preventing further processing for all rooms. This is fixed in version 0.16.0.
References
| Link | Resource |
|---|---|
| https://github.com/matrix-org/matrix-rust-sdk/commit/4ea0418abefab2aa93f8851a4d39c723e703e6b0 | Patch |
| https://github.com/matrix-org/matrix-rust-sdk/pull/5924 | Issue Tracking Patch |
| https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-jj6p-3m75-g2p3 | Patch Vendor Advisory |
| https://rustsec.org/advisories/RUSTSEC-2025-0135.html | Third Party Advisory |
Configurations
History
17 Mar 2026, 20:27
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:matrix:matrix-rust-sdk:*:*:*:*:*:*:*:* | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
| First Time |
Matrix
Matrix matrix-rust-sdk |
|
| References | () https://github.com/matrix-org/matrix-rust-sdk/commit/4ea0418abefab2aa93f8851a4d39c723e703e6b0 - Patch | |
| References | () https://github.com/matrix-org/matrix-rust-sdk/pull/5924 - Issue Tracking, Patch | |
| References | () https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-jj6p-3m75-g2p3 - Patch, Vendor Advisory | |
| References | () https://rustsec.org/advisories/RUSTSEC-2025-0135.html - Third Party Advisory |
09 Dec 2025, 16:18
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-12-09 16:18
Updated : 2026-03-17 20:27
NVD link : CVE-2025-66622
Mitre link : CVE-2025-66622
CVE.ORG link : CVE-2025-66622
JSON object : View
Products Affected
matrix
- matrix-rust-sdk
CWE
CWE-755
Improper Handling of Exceptional Conditions