Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2025-27146
Analyzed
More InfoOfficial Page
Source-security-advisories@github.com
View Known Exploited Vulnerability (KEV) details
Published At-25 Feb, 2025 | 20:15
Updated At-04 Mar, 2025 | 20:42

matrix-appservice-irc is a Node.js IRC bridge for Matrix. The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user. The vulnerability has been patched in matrix-appservice-irc version 3.0.4.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.12.7LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Primary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 2.7
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Type: Primary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CPE Matches
The Matrix.org Foundation
matrix
>>matrix_irc_bridge>>Versions before 3.0.4(exclusive)
cpe:2.3:a:matrix:matrix_irc_bridge:*:*:*:*:*:node.js:*:*
Weaknesses
CWE IDTypeSource
CWE-77Primarysecurity-advisories@github.com
CWE-88Primarysecurity-advisories@github.com
CWE-77Secondarynvd@nist.gov
CWE ID: CWE-77
Type: Primary
Source: security-advisories@github.com
CWE ID: CWE-88
Type: Primary
Source: security-advisories@github.com
CWE ID: CWE-77
Type: Secondary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/matrix-org/matrix-appservice-irc/commit/74f02c8e11f16ed1b355700092c1aa9c036a11bdsecurity-advisories@github.com
Patch
https://github.com/matrix-org/matrix-appservice-irc/security/advisories/GHSA-5mvm-89c9-9gm5security-advisories@github.com
Vendor Advisory
Hyperlink: https://github.com/matrix-org/matrix-appservice-irc/commit/74f02c8e11f16ed1b355700092c1aa9c036a11bd
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/matrix-org/matrix-appservice-irc/security/advisories/GHSA-5mvm-89c9-9gm5
Source: security-advisories@github.com
Resource:
Vendor Advisory
Change History
0Changes found
Details not found