5 matches found
Improper Input Validation
Overview matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP. Affected versions of this package are vulnerable to Improper Input Validation. A malicious server can disrupt the normal operation and prevent the application from federating with other servers by crafting even...
CVE-2025-30355 Synapse vulnerable to federation denial of service via malformed events
Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known...
CVE-2025-30355
Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known...
PT-2025-13021 · Synapse · Synapse
Name of the Vulnerable Software and Affected Versions: Synapse versions prior to 1.127.1 Description: The issue allows a malicious server to craft events that prevent Synapse from federating with other servers. The vulnerability has been exploited in the wild. Recommendations: For versions prior ...
VulnCheck KEV: CVE-2025-30355
Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known...