High severity7.1OSV Advisory· Published Oct 2, 2025· Updated Apr 15, 2026
CVE-2025-54315
CVE-2025-54315
Description
The Matrix specification before 1.16 (i.e., with a room version before 12) lacks create event uniqueness.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: 0.2.0, client-server/0.3.0, client-server/r0.1.0, …
- Range: <1.16 and room version <12
Patches
Vulnerability mechanics
References
2News mentions
1- Russian Threat Groups Use RDP, VPN, Supply Chain Attacks, and Social Engineering for Initial AccessCyber Security News · May 22, 2026