Summary: A critical zero-day vulnerability, CVE-2025-30355, has been found in Synapse, a Matrix homeserver. It allows denial-of-service attacks through malformed events. The flaw is being actively exploited and affects Synapse versions up to 1.127.0. Administrators are urged to upgrade to version 1.127.1 to mitigate the risk.
Affected: Synapse (Matrix homeserver implementation)
Keypoints:
- Vulnerability CVE-2025-30355 has a CVSS score of 7.1.
- This flaw can isolate vulnerable servers from the Matrix network by disrupting federation.
- Immediate updates to version 1.127.1 are recommended to prevent exploitation.
- Closed federation environments and non-federating installations are not impacted.
Source: https://securityonline.info/synapse-servers-at-risk-zero-day-dos-in-the-wild/