High severity7.1OSV Advisory· Published Oct 2, 2025· Updated Apr 15, 2026
CVE-2025-49090
CVE-2025-49090
Description
The Matrix specification before 1.16 (i.e., with a room version before 12 and State Resolution before 2.1) has deficient state resolution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: 0.2.0, client-server/0.3.0, client-server/r0.1.0, …
Patches
Vulnerability mechanics
References
4News mentions
1- Russian Threat Groups Use RDP, VPN, Supply Chain Attacks, and Social Engineering for Initial AccessCyber Security News · May 22, 2026