CVE-2025-30355

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Synapse versions prior to 1.127.1

Description The issue allows a malicious server to craft events that prevent Synapse from federating with other servers. The vulnerability has been exploited in the wild.

Recommendations For versions prior to 1.127.1, upgrade to Synapse v1.127.1 to resolve the issue.

Exploit

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2025-30355

GHSA-V56R-HWV5-MXG6

OPENSUSE-SU-2025:14939-1

Affected Products

Synapse

CVE-2025-30355

Weakness Enumeration

Related Identifiers

Affected Products

References · 37