PT-2025-41273 · Synapse · Synapse

Dkasak · Published 2025-10-07 · Updated 2025-10-08 · CVE-2025-61672

CVSS v4.0: 5.3 (Medium)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Synapse versions prior to 1.138.3
Synapse version 1.139.0

Description

Synapse is an open source Matrix homeserver implementation. Insufficient validation of device keys in affected versions allows an attacker registered on the victim homeserver to disrupt federation functionality, potentially breaking outbound federation to other homeservers.

Recommendations

Upgrade to Synapse version 1.138.4 or later.
Upgrade to Synapse version 1.139.2 or later.

Related Identifiers

CVE-2025-61672
GHSA-FH66-FCV5-JJFR
OPENSUSE-SU-2025:15603-1

Affected Products

Synapse