PT-2025-42539 · Unknown · Matrix-Authentication-Service

Published

2025-10-16

Updated

2025-10-16

CVE-2025-62425

CVSS v3.1

8.3

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

Name of the Vulnerable Software and Affected Versions Matrix Authentication Service versions 0.20.0 through 1.4.0

Description A logic flaw in Matrix Authentication Service allows an attacker with an existing authenticated session to perform sensitive operations without re-entering the current password. These operations include changing the password, adding or removing an email address, and deactivating the account. The issue only affects instances with the local password database feature enabled.

Recommendations Update to Matrix Authentication Service version 1.4.1 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-620

Related Identifiers

CVE-2025-62425

GHSA-6WFP-JQ3R-J9XH

Affected Products

Matrix-Authentication-Service

PT-2025-42539 · Unknown · Matrix-Authentication-Service

CVE-2025-62425

Weakness Enumeration

Related Identifiers

Affected Products

References · 9