Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known workarounds are available.
Metrics
Affected Vendors & Products
References
History
Tue, 26 Aug 2025 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Matrix
Matrix synapse |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:matrix:synapse:*:*:*:*:*:*:*:* | |
Vendors & Products |
Matrix
Matrix synapse |
Thu, 27 Mar 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 27 Mar 2025 01:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known workarounds are available. | |
Title | Synapse vulnerable to federation denial of service via malformed events | |
Weaknesses | CWE-20 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-03-27T13:47:50.179Z
Reserved: 2025-03-21T14:12:06.270Z
Link: CVE-2025-30355

Updated: 2025-03-27T13:47:46.383Z

Status : Analyzed
Published: 2025-03-27T01:15:12.500
Modified: 2025-08-26T19:24:45.283
Link: CVE-2025-30355

No data.

Updated: 2025-07-13T11:06:52Z