Vulnerabilities in Matrix
6 resultsCVE-2025-49090HIGHThe Matrix specification before 1.16 (i.e., with a room version before 12 and State Resolution before 2.1) has deficient state resolution.EPSS 0.4%CVE-2024-38429HIGHMatrix - CWE-552: Files or Directories Accessible to External PartiesEPSS 0.4%CVE-2024-38431MEDIUMMatrix Tafnit v8 - CWE-204: Observable Response DiscrepancyEPSS 0.4%CVE-2025-54315HIGHThe Matrix specification before 1.16 (i.e., with a room version before 12) lacks create event uniqueness.EPSS 0.3%CVE-2024-38430MEDIUMMatrix - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')EPSS 0.2%CVE-2024-38432MEDIUMMatrix – Tafnit v8 CWE-646: Reliance on File Name or Extension of Externally-Supplied FileEPSS 0.2%