The Matrix Foundation has released patches and mitigation details for two vulnerabilities that use its open standard communications protocol to transmit sensitive information.

CSO Online offers insights into cybersecurity, risk management, and IT leadership, providing articles, reports, and expert analysis to help security professionals navigate the evolving threat landscape and protect their organizations from cyber attacks. By exploring CSO Online's curated content, CISOs, security managers, and IT executives can learn about threat intelligence, security frameworks, and incident response strategies for building resilient cybersecurity programs. Whether you're defending against ransomware, phishing attacks, or insider threats, CSO Online offers resources to strengthen your security posture and safeguard your digital assets.

CSO Online

The Matrix Foundation disclosed two high-severity vulnerabilities (CVE-2025-49090 and CVE-2025-54315) that could allow attackers to hijack chat rooms and disrupt communications. The vulnerabilities affect room creator permissions and room ID generation, potentially enabling malicious actors to take control of sensitive conversations or create fake rooms. Fixes are bundled in Room Version 12, requiring server administrators to upgrade clients and implement new security measures. Organizations using Matrix for sensitive communications, including government agencies, should prioritize updates and limit federation connections to trusted servers only.

Matrix protocol bugs could let hackers seize control of sensitive chat rooms