- Description
- matrix-appservice-irc is a Node.js IRC bridge for Matrix. The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user. The vulnerability has been patched in matrix-appservice-irc version 3.0.4.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
- Severity
- MEDIUM
- Hype score
- Not currently trending
CVE-2025-27146 02/25/2025 08:15:38 PM BaseSeverity: LOW matrix-appservice-irc is a Node.js IRC bridge for Matrix. The matrix-appservice-irc bridge up to version 3.0.3 contains a... https://t.co/jYY1Kni1Vt
@CVETracker
26 Feb 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-27146 matrix-appservice-irc is a Node.js IRC bridge for Matrix. The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IR… https://t.co/TonmanjXwn
@CVEnew
25 Feb 2025
367 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:matrix:matrix_irc_bridge:*:*:*:*:*:node.js:*:*",
"vulnerable": true,
"matchCriteriaId": "16647423-A332-4AFB-8162-6A4DC3783AAC",
"versionEndExcluding": "3.0.4"
}
],
"operator": "OR"
}
]
}
]