Low severityNVD Advisory· Published Feb 25, 2025· Updated Feb 25, 2025
Matrix IRC Bridge allows IRC command injection to own puppeted user
CVE-2025-27146
Description
matrix-appservice-irc is a Node.js IRC bridge for Matrix. The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user. The vulnerability has been patched in matrix-appservice-irc version 3.0.4.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
matrix-appservice-ircnpm | < 3.0.4 | 3.0.4 |
Affected products
2- Range: < 3.0.4
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-5mvm-89c9-9gm5ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-27146ghsaADVISORY
- github.com/matrix-org/matrix-appservice-irc/commit/74f02c8e11f16ed1b355700092c1aa9c036a11bdghsax_refsource_MISCWEB
- github.com/matrix-org/matrix-appservice-irc/security/advisories/GHSA-5mvm-89c9-9gm5ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.