Vulnerability detail
Enriched intelligence for a single CVE
High
CVE-2025-30355
PUBLISHED
Synapse vulnerable to federation denial of service via malformed events
- Vendor: element-hq
- Product: synapse
- Published: Mar 27, 2025
- EPSS: —
Description
Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse versions up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known workarounds are available.
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Exploitation status
Exploited in the wild
Recorded 2025-03-27 00:59:27 UTC
SSVC decision points
- Exploitation: none
- Automatable: No
- Technical impact: partial
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CVE | Mar 27, 2025 |
Timeline
- CVE ID Reserved
- CVE Published to Public
- Added to KEVIntel