PT-2025-7913 · Unknown · Matrix-Appservice-Irc

Funderscore1

Published

2025-02-25

Updated

2025-03-04

CVE-2025-27146

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions matrix-appservice-irc versions prior to 3.0.4

Description The issue affects the matrix-appservice-irc bridge, allowing for arbitrary IRC command execution as the puppeted user. However, the attacker can only inject commands executed as their own IRC user.

Recommendations For versions prior to 3.0.4, update to version 3.0.4 to resolve the issue.

Exploit

Fix

Argument Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-88CWE-77

Related Identifiers

CVE-2025-27146

GHSA-5MVM-89C9-9GM5

Affected Products

Matrix-Appservice-Irc

PT-2025-7913 · Unknown · Matrix-Appservice-Irc

CVE-2025-27146

Weakness Enumeration

Related Identifiers

Affected Products

References · 13