
Wrjlewis

#27744 of 53,634
9.2 Total CVSS
Vulnerabilities · 1
PT-2026-7886
9.2
2026-02-12
Unknown · Matrix-Tools · CVE-2026-24044
**Name of the Vulnerable Software and Affected Versions**

Element Server Suite Community Edition (ESS Community) versions prior to 25.12.1

**Description**

The Element Server Suite Community Edition (ESS Community) Helm Chart contains a flaw in its secrets initialization hook, specifically within the `matrix-tools` container before version 0.5.7. The hook uses an insecure method to generate Matrix server keys. A network attacker could potentially recreate the same key pair, enabling server impersonation. This impacts the confidentiality, integrity, and availability of rooms with the vulnerable server as a member. The confidentiality of past end-to-end encrypted conversations is not affected. The secret is generated this way when `initSecrets.enabled` is not set to false and `synapse.signingKey` is not defined in the ESS Community Helm Chart values.

**Recommendations**

Update to ESS Community Helm Chart version 25.12.1 or later. Ensure `initSecrets.enabled` is set to false in the ESS Community Helm Chart values. Define `synapse.signingKey` in the ESS Community Helm Chart values.