Two high-severity vulnerabilities in the Matrix protocol, which could have compromised classified communications used by governments and enterprises, were patched. The fixes address privilege escalation and predictable room IDs, enhancing security across various public sector entities. #MatrixProtocol #CVE-2025-49090
Key points
- The Matrix Foundation identified and fixed two critical security vulnerabilities affecting its communication protocol.
- The first vulnerability could allow malicious administrators to seize control of discussion spaces within government and enterprise channels.
- The second issue involved predictable room IDs, which could enable attackers to join or create sensitive channels under malicious control.
- The fixes required significant coordination and testing, with full disclosure delayed to ensure proper implementation.
- Public sector entities, including the French government and German armed forces, rely on Matrix for sensitive communication and are advised to update promptly.
Read More: https://therecord.media/matrix-messaging-protocol-high-severity-vulnerabilities