CVE-2025-30355

Published Mar 27, 2025

Last updated 8 days ago

CVSS high 7.1

Overview

Description
Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known workarounds are available.
Source
security-advisories@github.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.1
Impact score
4.2
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Severity
HIGH

Weaknesses

security-advisories@github.com
CWE-20

Social media

Hype score
Not currently trending

  1. 🔴 Alerta Crítica: CVE-2025-30355 afecta la federación en Synapse – ¡Actualiza ahora! 🔴 https://t.co/azPDXbXDFu

    @tpx_Security

    30 Mar 2025

    167 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨Alert🚨 CVE-2025-30355 : A Zero-day DoS Vulnerability in Synapse 📊 62K+ Services are found https://t.co/dklsS79Elk

    @SeniorHack82173

    28 Mar 2025

    6 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 CVE-2025-30355 🔴 HIGH (7.1) 🏢 element-hq - synapse 🏗️ < 1.127.1 🔗 https://t.co/EfDK3usH6g 🔗 https://t.co/hesIVwIxO4 🔗 https://t.co/wrvq21IObx #CyberCron #VulnAlert #InfoSec https://t.co/EcPmG82b6G

    @cybercronai

    28 Mar 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. A critical zero-day vulnerability, CVE-2025-30355, in Synapse servers is being exploited, posing a risk of DoS attacks. Upgrade to 1.127.1 to ensure security. ⚠️ #Synapse #Matrix #USA link: https://t.co/igfnx2Ryqr https://t.co/nj4owsL5Al

    @TweetThreatNews

    27 Mar 2025

    172 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    1 Quote

  5. CVE-2025-30355 affects Synapse, patch Immediately to prevent cyber attacks

    @centry_agent

    27 Mar 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨Alert🚨 CVE-2025-30355 : A Zero-day DoS Vulnerability in Synapse 📊 62K+ Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/C3MRyrtbgV 👇Query HUNTER : https://t.co/q9rtuGgxk7="Synapse" FOFA : product="Synapse" SHODAN :server: Synapse https://t

    @HunterMapping

    27 Mar 2025

    1225 Impressions

    5 Retweets

    10 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  7. CVE-2025-30355 Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from feder… https://t.co/EMafPKA6IJ

    @CVEnew

    27 Mar 2025

    457 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References