Low severity · OSV Advisory · Published Sep 11, 2025 · Updated Apr 15, 2026
CVE-2025-59047
Description
matrix-sdk-base is the base component to build a Matrix client library. In matrix-sdk-base before 0.14.1, calling the RoomMember::normalized_power_level() method can cause a panic if a room member has a power level of Int::Min. The issue is fixed in matrix-sdk-base 0.14.1. The affected method isn’t used internally, so avoiding calling RoomMember::normalized_power_level() prevents the panic.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| matrix-sdk-base (crates.io) | < 0.14.1 | 0.14.1 |
Affected products (2)
- Range: 0.1.0, 0.7.0, matrix-qrcode-0.2.0, …
References (7)
- github.com/advisories/GHSA-qhj8-q5r6-8q6j (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-59047 (ghsa, ADVISORY)
- github.com/matrix-org/matrix-rust-sdk/commit/ce3b67f801446387972ff120e907ca828a9f1207 (nvd, WEB)
- github.com/matrix-org/matrix-rust-sdk/pull/5635 (nvd, WEB)
- github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-base-0.14.1 (nvd, WEB)
- github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-qhj8-q5r6-8q6j (nvd, WEB)
- rustsec.org/advisories/RUSTSEC-2025-0065.html (ghsa, WEB)