{"id":"CVE-2025-59047","summary":"matrix-sdk-base has panic in the `RoomMember::normalized_power_level()` method","details":"matrix-sdk-base is the base component to build a Matrix client library. In matrix-sdk-base before 0.14.1, calling the `RoomMember::normalized_power_level()` method can cause a panic if a room member has a power level of `Int::Min`. The issue is fixed in matrix-sdk-base 0.14.1. The affected method isn’t used internally, so avoiding calling `RoomMember::normalized_power_level()` prevents the panic.","aliases":["GHSA-qhj8-q5r6-8q6j","RUSTSEC-2025-0000","RUSTSEC-2025-0065"],"modified":"2026-04-10T05:31:45.897334Z","published":"2025-09-11T18:03:50.361Z","database_specific":{"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/59xxx/CVE-2025-59047.json","cwe_ids":["CWE-682"]},"references":[{"type":"WEB","url":"https://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-base-0.14.1"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/59xxx/CVE-2025-59047.json"},{"type":"ADVISORY","url":"https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-qhj8-q5r6-8q6j"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59047"},{"type":"FIX","url":"https://github.com/matrix-org/matrix-rust-sdk/commit/ce3b67f801446387972ff120e907ca828a9f1207"},{"type":"FIX","url":"https://github.com/matrix-org/matrix-rust-sdk/pull/5635"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/matrix-org/matrix-rust-sdk","events":[{"introduced":"0"},{"fixed":"5ef3ecac8c63d2373d8e45a47807769e602ebd89"}]}],"versions":["0.1.0","0.7.0","matrix-qrcode-0.2.0","matrix-sdk-0.10.0","matrix-sdk-0.11.0","matrix-sdk-0.12.0","matrix-sdk-0.13.0","matrix-sdk-0.14.0","matrix-sdk-0.4.0","matrix-sdk-0.4.1","matrix-sdk-0.8.0","matrix-sdk-0.9.0","matrix-sdk-base-0.10.0","matrix-sdk-base-0.11.0","matrix-sdk-base-0.12.0","matrix-sdk-base-0.13.0","matrix-sdk-base-0.14.0","matrix-sdk-base-0.4.0","matrix-sdk-base-0.4.1","matrix-sdk-base-0.8.0","matrix-sdk-base-0.9.0","matrix-sdk-common-0.10.0","matrix-sdk-common-0.11.0","matrix-sdk-common-0.12.0","matrix-sdk-common-0.13.0","matrix-sdk-common-0.14.0","matrix-sdk-common-0.4.0","matrix-sdk-common-0.4.1","matrix-sdk-common-0.8.0","matrix-sdk-common-0.9.0","matrix-sdk-crypto-0.10.0","matrix-sdk-crypto-0.11.0","matrix-sdk-crypto-0.12.0","matrix-sdk-crypto-0.13.0","matrix-sdk-crypto-0.14.0","matrix-sdk-crypto-0.4.0","matrix-sdk-crypto-0.4.1","matrix-sdk-crypto-0.8.0","matrix-sdk-crypto-0.9.0","matrix-sdk-crypto-ffi-0.1.0","matrix-sdk-crypto-ffi-0.1.1","matrix-sdk-crypto-ffi-0.1.10","matrix-sdk-crypto-ffi-0.1.2","matrix-sdk-crypto-ffi-0.1.3","matrix-sdk-crypto-ffi-0.1.4","matrix-sdk-crypto-ffi-0.1.5","matrix-sdk-crypto-ffi-0.1.6","matrix-sdk-crypto-ffi-0.1.7","matrix-sdk-crypto-ffi-0.1.8","matrix-sdk-crypto-ffi-0.1.9","matrix-sdk-crypto-ffi-0.11.0","matrix-sdk-crypto-ffi-0.2.0","matrix-sdk-crypto-ffi-0.2.1","matrix-sdk-crypto-ffi-0.3.0","matrix-sdk-crypto-ffi-0.3.1","matrix-sdk-crypto-ffi-0.3.10","matrix-sdk-crypto-ffi-0.3.11","matrix-sdk-crypto-ffi-0.3.12","matrix-sdk-crypto-ffi-0.3.13","matrix-sdk-crypto-ffi-0.3.2","matrix-sdk-crypto-ffi-0.3.4","matrix-sdk-crypto-ffi-0.3.5","matrix-sdk-crypto-ffi-0.3.7","matrix-sdk-crypto-ffi-0.3.8","matrix-sdk-crypto-ffi-0.3.9","matrix-sdk-crypto-ffi-0.4.0","matrix-sdk-crypto-ffi-0.4.1","matrix-sdk-crypto-ffi-0.4.2","matrix-sdk-crypto-ffi-0.4.3","matrix-sdk-crypto-js-v0.1.0-alpha.0","matrix-sdk-crypto-js-v0.1.0-alpha.1","matrix-sdk-crypto-js-v0.1.0-alpha.2","matrix-sdk-crypto-js-v0.1.0-alpha.4","matrix-sdk-ffi-0.11.0","matrix-sdk-ffi-0.12.0","matrix-sdk-ffi-0.13.0","matrix-sdk-ffi-0.14.0","matrix-sdk-ffi/20240618","matrix-sdk-ffi/20240704","matrix-sdk-ffi/20240722","matrix-sdk-ffi/20240813","matrix-sdk-ffi/20240827","matrix-sdk-ffi/20240904","matrix-sdk-ffi/20240911","matrix-sdk-ffi/20240913","matrix-sdk-ffi/20240918","matrix-sdk-ffi/20240924","matrix-sdk-ffi/20241008","matrix-sdk-ffi/20241024","matrix-sdk-ffi/20241107","matrix-sdk-ffi/20241127","matrix-sdk-ffi/20241203","matrix-sdk-ffi/20241204","matrix-sdk-ffi/20250131","matrix-sdk-ffi/20250225","matrix-sdk-ffi/20250306","matrix-sdk-ffi/20250320","matrix-sdk-ffi/20250325","matrix-sdk-ffi/20250408","matrix-sdk-ffi/20250422","matrix-sdk-ffi/20250506","matrix-sdk-ffi/20250507","matrix-sdk-ffi/20250521","matrix-sdk-ffi/20250603","matrix-sdk-ffi/20250618","matrix-sdk-ffi/20250701","matrix-sdk-ffi/20250702","matrix-sdk-ffi/20250715","matrix-sdk-ffi/20250728","matrix-sdk-ffi/20250826","matrix-sdk-ffi/20250909","matrix-sdk-ffi/20252502","matrix-sdk-indexeddb-0.10.0","matrix-sdk-indexeddb-0.11.0","matrix-sdk-indexeddb-0.12.0","matrix-sdk-indexeddb-0.13.0","matrix-sdk-indexeddb-0.14.0","matrix-sdk-indexeddb-0.8.0","matrix-sdk-indexeddb-0.9.0","matrix-sdk-qrcode-0.10.0","matrix-sdk-qrcode-0.11.0","matrix-sdk-qrcode-0.12.0","matrix-sdk-qrcode-0.13.0","matrix-sdk-qrcode-0.14.0","matrix-sdk-qrcode-0.8.0","matrix-sdk-qrcode-0.9.0","matrix-sdk-search-0.14.0","matrix-sdk-sqlite-0.10.0","matrix-sdk-sqlite-0.11.0","matrix-sdk-sqlite-0.12.0","matrix-sdk-sqlite-0.13.0","matrix-sdk-sqlite-0.14.0","matrix-sdk-sqlite-0.8.0","matrix-sdk-sqlite-0.9.0","matrix-sdk-store-encryption-0.10.0","matrix-sdk-store-encryption-0.11.0","matrix-sdk-store-encryption-0.12.0","matrix-sdk-store-encryption-0.13.0","matrix-sdk-store-encryption-0.14.0","matrix-sdk-store-encryption-0.8.0","matrix-sdk-store-encryption-0.9.0","matrix-sdk-test-0.10.0","matrix-sdk-test-0.11.0","matrix-sdk-test-0.12.0","matrix-sdk-test-0.13.0","matrix-sdk-test-0.14.0","matrix-sdk-test-0.4.0","matrix-sdk-test-macros-0.10.0","matrix-sdk-test-macros-0.11.0","matrix-sdk-test-macros-0.12.0","matrix-sdk-test-macros-0.13.0","matrix-sdk-test-macros-0.14.0","matrix-sdk-test-utils-0.14.0","matrix-sdk-ui-0.10.0","matrix-sdk-ui-0.11.0","matrix-sdk-ui-0.12.0","matrix-sdk-ui-0.13.0","matrix-sdk-ui-0.14.0","matrix-sdk-ui-0.8.0","matrix-sdk-ui-0.9.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-59047.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"}]}