Critical severity9.1NVD Advisory· Published Jan 21, 2025· Updated Apr 15, 2026

CVE-2025-24024

Description

Mjolnir is a moderation tool for Matrix. Mjolnir v1.9.0 responds to management commands from any room the bot is member of. This can allow users who aren't operators of the bot to use the bot's functions, including server administration components if enabled. Version 1.9.1 reverts the feature that introduced the bug, and version 1.9.2 reintroduces the feature safely. Downgrading to version 1.8.3 is recommended if upgrading to 1.9.1 or higher isn't possible.

Patches

b437fa16b542

https://github.com/matrix-org/mjolnirvia osv

commit

d0ef527a9e3e

https://github.com/matrix-org/mjolnirvia osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/matrix-org/mjolnir/commit/b437fa16b5425985715df861987c836affd51eeanvd
github.com/matrix-org/mjolnir/commit/d0ef527a9e3eb45e17143d5295a64b775ccaa23dnvd
github.com/matrix-org/mjolnir/security/advisories/GHSA-3jq6-xc85-m394nvd

News mentions

No linked articles in our index yet.

cvss	0.591
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000