Skip to content

Panic in the `RoomMember::normalized_power_level()` method

Low
poljar published GHSA-qhj8-q5r6-8q6j Sep 11, 2025

Package

cargo matrix-sdk-base (Rust)

Affected versions

< 0.14.1

Patched versions

0.14.1

Description

In matrix-sdk-base before 0.14.1, calling the RoomMember::normalized_power_level() method can cause a panic if a room member has a power level of Int::Min.

Patches

The issue is fixed in matrix-sdk-base 0.14.1.

Workarounds

The affected method isn’t used internally, so avoiding calling RoomMember::normalized_power_level() prevents the panic.

Severity

Low

CVE ID

CVE-2025-59047

Weaknesses

No CWEs

Credits