CVE-2025-30355

NameCVE-2025-30355
DescriptionSynapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known workarounds are available.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
matrix-synapse (PTS)sid, trixie1.121.0-6fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
matrix-synapsesource(unstable)1.121.0-6

Notes

https://github.com/element-hq/synapse/security/advisories/GHSA-v56r-hwv5-mxg6
https://github.com/element-hq/synapse/commit/2277df2a1eb685f85040ef98fa21d41aa4cdd389 (v1.127.1)

Search for package or bug name: Reporting problems