CVE-2025-66622 in matrix-rust-sdk
Summary
by MITRE • 12/09/2025
matrix-sdk-base is the base component to build a Matrix client library. Versions 0.14.1 and prior are unable to handle responses that include custom m.room.join_rules values due to a serialization bug. This can be exploited to cause a denial-of-service condition: if a user is invited to a room with non-standard join rules, the crate's sync process will stall, preventing further processing for all rooms. This is fixed in version 0.16.0.
Analysis
by VulDB Data Team • 03/17/2026
The vulnerability identified as CVE-2025-66622 affects the matrix-sdk-base crate, which serves as a foundational component for building Matrix client libraries. This issue stems from a serialization bug that prevents the crate from properly handling custom m.room.join_rules values in room responses. The Matrix protocol allows for flexible room configuration through various state events including join rules that control how users can join rooms. When a user is invited to a room containing non-standard join rules, the serialization process fails, causing cascading operational failures within the client library's synchronization mechanism.
The technical flaw manifests as a deserialization error that occurs when the matrix-sdk-base component encounters room state events with unconventional join rule configurations. This represents a classic case of insufficient input validation and error handling within the protocol implementation. The vulnerability specifically affects the sync process, which continuously monitors room state changes and updates client information. When it encounters malformed or non-standard join rule values, the serialization logic fails and the process stalls completely instead of recovering gracefully or falling back.
Operationally, this vulnerability creates a severe denial-of-service condition that affects the entire client library functionality. The stall occurs during the synchronization phase when the library attempts to process room state updates, effectively blocking all further room processing activities. This means that users invited to rooms with custom join rules cannot receive updates from any rooms, creating a complete communication breakdown within the affected client. The impact extends beyond individual users to potentially disrupt entire client applications that depend on the matrix-sdk-base component, as the failure propagates through the entire sync processing pipeline.
The fix implemented in version 0.16.0 addresses this issue through enhanced serialization logic that properly handles custom join rule values without causing process stalls. This remediation aligns with security best practices for protocol implementations by ensuring robust error handling and graceful degradation when encountering unexpected data formats. The vulnerability demonstrates the importance of proper input validation and serialization handling in distributed communication systems, where protocol extensions and custom configurations should not lead to complete system failures.
Organizations using matrix-sdk-base components should immediately upgrade to version 0.16.0 or later to mitigate this risk, as the vulnerability could be exploited by malicious actors to disrupt communication services within Matrix-based applications.
This issue falls under CWE-20 Input Validation and OWASP Top Ten category A03: Injection, specifically relating to improper handling of structured data in protocol implementations. The ATT&CK framework would classify this under T1499.004 Network Denial of Service and T1566.001 Phishing, as it could be leveraged to disrupt service availability and potentially used in social engineering attacks targeting Matrix communication platforms.
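A simplified model of the failure mode described above, added here as an illustration; it is not matrix-sdk-base code and does not reproduce the actual bug. The type and function names and the sample room IDs are assumptions: a strict join-rule conversion aborts a whole sync batch on one custom value, while a catch-all variant lets every room be processed.

```rust
// Added illustration: simplified model, not matrix-sdk-base code.
#[derive(Debug, Clone, PartialEq)]
enum JoinRule {
    Public,
    Invite,
    Knock,
    Restricted,
    Custom(String), // hypothetical catch-all: keeps any non-standard value verbatim
}

/// Strict conversion: anything outside the known set is an error.
fn parse_strict(raw: &str) -> Result<JoinRule, String> {
    match raw {
        "public" => Ok(JoinRule::Public),
        "invite" => Ok(JoinRule::Invite),
        "knock" => Ok(JoinRule::Knock),
        "restricted" => Ok(JoinRule::Restricted),
        other => Err(format!("unsupported join_rule {:?}", other)),
    }
}

/// Tolerant conversion: unknown values are preserved instead of rejected.
fn parse_tolerant(raw: &str) -> JoinRule {
    parse_strict(raw).unwrap_or_else(|_| JoinRule::Custom(raw.to_owned()))
}

/// Fragile pass: `?` aborts the batch at the first bad room, so later rooms
/// are never reached and a retry of the same batch fails the same way.
fn sync_fragile(rooms: &[(&str, &str)]) -> Result<usize, String> {
    let mut processed = 0;
    for (_room_id, rule) in rooms {
        parse_strict(rule)?;
        processed += 1;
    }
    Ok(processed)
}

/// Tolerant pass: every room is processed, custom rules included.
fn sync_tolerant(rooms: &[(&str, &str)]) -> Vec<(String, JoinRule)> {
    rooms.iter().map(|(id, rule)| (id.to_string(), parse_tolerant(rule))).collect()
}

// Constructed sample batch: (room id, join_rule value).
const SAMPLE: [(&str, &str); 3] = [("!a:example.org", "invite"),
    ("!b:example.org", "org.example.custom"), ("!c:example.org", "public")];

fn main() {
    println!("fragile:  {:?}", sync_fragile(&SAMPLE));
    println!("tolerant: {:?}", sync_tolerant(&SAMPLE));
}
```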