Alarm raised over 'high-severity' vulnerabilities in Matrix messaging protocol
Editor’s Note: Story updated 1:15 p.m. Eastern U.S. time with further statements from Matrix.
The nonprofit Matrix Foundation, which stewards the federated communications protocol of the same name, announced this week that it had patched what it described as two high-severity vulnerabilities that could have had catastrophic impact if exploited by sufficiently malicious actors.
The off-cycle security release, which does not detail the specific nature of the bugs, suggests potential attacks in which malicious actors could seize control of classified discussion spaces, for which numerous governments use Matrix.
A spokesperson for the Matrix Foundation said “the vulnerabilities were discovered as part of an ongoing joint security research project at Element and the Matrix.org Foundation,” and added that they were not aware of the vulnerabilities ever being exploited in the wild.
The update was described as “an exceptionally complicated project to coordinate” by the protocol’s co-founder and chief executive Matthew Hodgson, who added “its security implications required us to deviate from our usual [Matrix Spec Change] process and develop the changes under embargo.”
Unlike end-to-end encrypted messaging apps like WhatsApp and Signal, the Matrix protocol is an open standard that end-users can implement themselves and run on their own servers.
It is widely used by governments and enterprises, including within the French government’s instant messaging service Tchap, by the German armed forces and by numerous other public sector entities in Europe, all of which will deploy it to handle what they regard as sensitive information.
An alarm about the high-severity bugs was raised in a pre-disclosure last month, when Matrix said it had shared the details and the fixes under embargo with all known entities running their own implementations of the protocol.
Despite the initial intention that all users would have the changes implemented within six days, Matrix subsequently pushed full disclosure back by a full month, given concerns about the time needed to test the changes.
As disclosed in full this week, the first issue was identified as CVE-2025-49090, which has not yet been assigned a CVSS severity score.
The description suggests the bug affects the way rooms are controlled, by allowing a malicious administrator — for instance within a government agency’s IT system — to remove the permissions set by the official who created the channel.
In practice, this could be used to disrupt official communications within a crisis, to control the discussion space within a classified channel, or to direct the members of that channel to another room that is running a hostile version of the protocol under the malicious actor’s control.
Following initial publication of this story, a spokesperson said that this exploitation scenario was not correct. “Details of CVE-2025-49090 are still deliberately private until the embargo elapses so we would discourage speculating until the details have been disclosed and there is a public announcement” on Thursday, they added.
The second bug, which was assigned CVE-2025-54315 following publication, appears to affect how room IDs are generated. Although every Matrix room has a unique pseudo-random ID, the description suggests that in certain circumstances an attacker would be able to predict what ID would be generated for a given room.
In that case, the attacker could pre-create the room or potentially join a sensitive channel if the proper protections hadn’t been applied, setting it up so that it ran under the malicious attacker’s own rules — potentially facilitating exfiltration of sensitive information, or disrupting incident response communications at the time of a crisis.
The Matrix spokesperson said: “Exploitation of the vulnerability does not involve pre-creation of rooms. It also cannot be exploited to the effect of joining a sensitive channel nor facilitating the extraction of sensitive information; both of these would've warranted a Critical severity grade while the Foundation's Security Team has characterised both vulnerabilities as High as per the predisclosure.”
They again stressed that the full details of the vulnerabilities would be released on Thursday.
The foundation has warned that room upgrades are going to be disruptive for users and stressed that entities running implementations of the protocol will need to test their rollout before getting started. It has provided guidance to clients.
Alexander Martin is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.