Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/06/12 4:10 p.m.8 views

CVE-2025-48937

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. matrix-sdk-crypto since version 0.8.0 and up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those event...

4.9CVSS4.8AI score0.00311EPSS
Exploits0References1
NVD
NVD
added 2025/06/10 4:15 p.m.35 views

CVE-2025-48937

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. matrix-sdk-crypto since version 0.8.0 and up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those event...

4.9CVSS0.00311EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/06/10 3:32 p.m.8 views

CVE-2025-48937 matrix-sdk-crypto vulnerable to sender of encrypted events being spoofed by homeserver administrator

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. matrix-sdk-crypto since version 0.8.0 and up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those event...

4.9CVSS5AI score0.00311EPSS
Exploits0References4
CVE
CVE
added 2025/06/10 3:32 p.m.117 views

CVE-2025-48937

The CVE-2025-48937 issue affects matrix-sdk-crypto (part of matrix-rust-sdk). Versions 0.8.0 through 0.11.0 do not properly validate the sender of an encrypted event, allowing a malicious homeserver operator to modify encrypted events served to clients so that recipients see them as from another ...

4.9CVSS5AI score0.00311EPSS
Exploits0References4
OSV
OSV
added 2025/06/10 3:32 p.m.15 views

CVE-2025-48937 matrix-sdk-crypto vulnerable to sender of encrypted events being spoofed by homeserver administrator

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. matrix-sdk-crypto since version 0.8.0 and up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those event...

4.9CVSS6.5AI score0.00311EPSS
Exploits0References6
Rows per page
Query Builder