{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-23T19:48:48.264","vulnerabilities":[{"cve":{"id":"CVE-2025-49090","sourceIdentifier":"cve@mitre.org","published":"2025-10-02T19:15:31.290","lastModified":"2026-06-17T09:30:46.683","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Matrix specification before 1.16 (i.e., with a room version before 12 and State Resolution before 2.1) has deficient state resolution."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"Matrix","product":"Matrix specification","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.16","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-10-02T19:34:21.078976Z","id":"CVE-2025-49090","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-642"}]}],"references":[{"url":"https://github.com/Nheko-Reborn/nheko/issues/1931","source":"cve@mitre.org"},{"url":"https://github.com/matrix-org/matrix-spec/releases/tag/v1.16","source":"cve@mitre.org"},{"url":"https://matrix.org/blog/2025/08/project-hydra-improving-state-res/","source":"cve@mitre.org"},{"url":"https://matrix.org/blog/2025/08/security-release/","source":"cve@mitre.org"}]}}]}