5 matches found
CVE-2025-27146
Summary (CVE-2025-27146): The Matrix-based bridge matrix-appservice-irc (Node.js) up to version 3.0.3 contains a vulnerability that allows an attacker to inject and execute arbitrary IRC commands as their own puppeted user. The issue is resolved in version 3.0.4. Multiple connected sources corrob...
CVE-2025-27146 Matrix IRC Bridge allows IRC command injection to own puppeted user
matrix-appservice-irc is a Node.js IRC bridge for Matrix. The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user. The vulnerability h...
CVE-2025-27146 Matrix IRC Bridge allows IRC command injection to own puppeted user
matrix-appservice-irc is a Node.js IRC bridge for Matrix. The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user. The vulnerability h...
GHSA-5MVM-89C9-9GM5 Matrix IRC Bridge allows IRC command injection to own puppeted user
Impact The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user. Patches The vulnerability has been patched in matrix-appservice-irc...
Matrix IRC Bridge allows IRC command injection to own puppeted user
Impact The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user. Patches The vulnerability has been patched in matrix-appservice-irc...