Updates have been issued by the Matrix Foundation to resolve a pair of high-severity flaws in the Matrix federated communications protocol, according to The Record, a news site by cybersecurity firm Recorded Future.
The Matrix Foundation dismissed initial details suggesting that the vulnerabilities, tracked as CVE-2025-49090 and CVE-2025-54315, could be exploited to compromise official communications and room ID generation, respectively. "Exploitation of [CVE-2025-54315] does not involve pre-creation of rooms. It also cannot be exploited to the effect of joining a sensitive channel nor facilitating the extraction of sensitive information; both of these would've warranted a Critical severity grade while the Foundation's Security Team has characterised both vulnerabilities as High as per the predisclosure," said a Matrix spokesperson, who noted that an announcement on both issues is scheduled for Thursday. Users of the messaging protocol have also been advised about the potentially disruptive nature of the upgrades, with organizations urged to assess the update's rollout beforehand.
High-severity Matrix messaging protocol vulnerabilities addressed




