
=====================================================================

                            CERT-Renater

                Information Note No. 2025/VULN439
_____________________________________________________________________

DATE                : 11/07/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running matrix-sdk (Rust) versions prior
                     to 0.13.

=====================================================================
https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-275g-g844-73jh
_____________________________________________________________________


SQL injection in the Matrix Rust SDK EventCache implementation
Moderate
poljar published GHSA-275g-g844-73jh Jul 10, 2025

Package
matrix-sdk (Rust)

Affected versions
>= 0.11, < 0.13

Patched versions
0.13


Description

An SQL injection vulnerability in the
EventCache::find_event_with_relations method of matrix-sdk 0.11
and 0.12 allows malicious room members to execute arbitrary SQL
commands in Matrix clients that directly pass relation types
provided by those room members into this method, when used with
the default sqlite-based store backend. Exploitation is unlikely,
as no known clients currently use the API in this manner.


Workarounds

Passing only trusted (or sanitised) relation types to the filter
argument of EventCache::find_event_with_relations() avoids the
issue.
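The description and workaround above boil down to one rule: relation types that originate from room members must reach the SQLite store as bound parameters, never as part of the SQL text. The following added illustration (not code from matrix-rust-sdk; the table and column names, the `event_relations` schema and the `build_relations_query` helper are all assumptions) shows a filter builder that emits one `?` placeholder per relation type and, as defence in depth, refuses values that do not look like Matrix event-type identifiers.

```rust
// Hypothetical helper, not the SDK's own code. Table/column names are assumed.

/// Returns true when `rel_type` looks like a Matrix event-type identifier:
/// a namespaced dotted name made of ASCII letters, digits, '.', '_' or '-'.
/// Quotes, semicolons, spaces and comment markers are all rejected.
pub fn is_well_formed_relation_type(rel_type: &str) -> bool {
    !rel_type.is_empty()
        && rel_type.len() <= 255
        && rel_type.contains('.')
        && rel_type
            .chars()
            .all(|c| c.is_ascii_alphanumeric() || matches!(c, '.' | '_' | '-'))
}

/// Builds a parameterised lookup of events related to `event_id`.
/// The returned SQL text only ever contains `?` placeholders; the caller binds
/// `params` in order through the database driver. Returns None when any entry
/// of `filter` is not a well-formed relation type (untrusted input is rejected
/// before a query is assembled at all).
pub fn build_relations_query(event_id: &str, filter: &[&str]) -> Option<(String, Vec<String>)> {
    if !filter.iter().all(|rel| is_well_formed_relation_type(rel)) {
        return None;
    }
    let mut sql = String::from("SELECT event_id FROM event_relations WHERE related_to = ?");
    let mut params = vec![event_id.to_string()];
    if !filter.is_empty() {
        // One placeholder per filter entry: "?, ?, ?" for three relation types.
        let placeholders = vec!["?"; filter.len()].join(", ");
        sql.push_str(&format!(" AND rel_type IN ({placeholders})"));
        params.extend(filter.iter().map(|s| s.to_string()));
    }
    Some((sql, params))
}

fn main() {
    // Constructed sample input: a trusted filter of two standard relation types.
    let (sql, params) = build_relations_query("$abc", &["m.replace", "m.thread"]).unwrap();
    println!("{sql}\nparams = {params:?}");
    // A value carrying SQL syntax never reaches the query builder.
    assert!(build_relations_query("$abc", &["m.replace' OR '1'='1"]).is_none());
}
```

Whatever the driver, the point is the shape of `sql`: the relation types only appear in `params`, so SQLite treats them as data regardless of their content.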


Patches

The issue is fixed in matrix-sdk 0.13.


References

The issue was introduced in #4849.


Severity
Moderate

CVE ID
CVE-2025-53549

Weaknesses
No CWEs


Credits

    @poljar (finder)


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
