RUSTSEC-2025-0041 matrix-sdk-crypto vulnerable to encrypted event sender spoofing by homeserver administrator

matrix-sdk-crypto versions 0.8.0 up to and including 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those events appear to the recipient as if they were sent by another user. Although th...