CVE-2025-59047

In matrix-sdk-base before 0.14.1, calling the RoomMember::normalized_power_level() method can cause a panic if a room member has a power level of Int::Min.

Patches

The issue is fixed in matrix-sdk-base 0.14.1.

Workarounds

The affected method isn’t used internally, so avoiding calling RoomMember::normalized_power_level() prevents the panic.

Published: Sep 11, 2025
Updated: Sep 12, 2025
CVE: CVE-2025-59047
GHSA: GHSA-qhj8-q5r6-8q6j
Severity: Low
Exploit:

No technical information available.

CWEs:

CWE-682

Affected Software
References

Software	From	Fixed in
matrix-sdk-base	-	0.14.1

https://github.com/matrix-org/matrix-rust-sdk/commit/ce3b67f801446387972ff120e907ca828a9f1207
https://github.com/matrix-org/matrix-rust-sdk/pull/5635
https://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-base-0.14.1
https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-qhj8-q5r6-8q6j
https://rustsec.org/advisories/RUSTSEC-2025-0065.html

Vulnerability Database

CVE-2025-59047

Patches

Workarounds