The nonprofit Matrix Foundation, custodian of the eponymous open standard communications protocol, has released details and patching information for two vulnerabilities that could allow attackers to take over sensitive chat rooms.
Matrix announced the vulnerabilities a month ago, but specific details on mitigation have been under wraps to allow protocol users time to test and implement them.
The protocol is used by organizations around the globe, often to transmit sensitive information. But experts warn that the risk isn’t limited to chat: a compromised server could have ripple effects that disrupt emergency coordination or leak sensitive information.
“Matrix servers are also often connected to other servers in different organizations,” explained Erik Avakian, technical counselor at Info-Tech Research Group and former state chief information security officer for the Commonwealth of Pennsylvania. “If one is hacked, it could have downstream effects and be used to attack others.”
‘Hydra’ an ongoing security effort
Matrix is an open standard that users can run on their own servers, rather than a centrally hosted service like WhatsApp or Signal. It is used by the French government, the German and Polish armed forces, and other public and private organizations worldwide.
“Data sovereignty is one of the big selling points for Matrix,” said Johannes Ullrich, dean of research for SANS Technology Institute, noting that it is “somewhat popular” with government organizations outside the US looking to avoid US-hosted or controlled cloud providers.
Matrix released a pre-disclosure of the two high-severity vulnerabilities in mid-July (CVE-2025-49090 and CVE-2025-54315), and shared details of fixes under embargo with organizations using the protocol. Initially, the goal was to have changes implemented in six days, but the foundation pushed that out by a month after users raised concerns about such a quick turnaround.
A coordinated release occurred on Monday (August 11), and server admins were given three days to upgrade before Matrix disclosed vulnerability details and introduced Room Version 12 today.
“This entire process has been highly unusual for the ecosystem, and it’s unfortunate that we were unable to make these changes out in the open,” Matrix staff engineer Kegan Dougal wrote in a blog post.
The project, codenamed “Hydra,” is a coordinated and ongoing effort by Matrix’s security teams and consultants to improve the protocol’s security. During the embargo period, the foundation released redacted versions of Matrix Spec Changes (MSCs) “as soon as we were comfortable from a security perspective.”
Avakian explained that the fixes and updated guidance include changing how chat rooms are managed and how their IDs are created.
“If your organization is connected only to your own system (no federation), you’re basically fine,” he said. “If you connect to other servers, especially those you can’t fully trust, you should update rooms to the new format, as well as make sure your messaging apps and bots are updated too, so they don’t break.”
Vulnerabilities could allow hackers to disrupt sensitive conversations
The vulnerabilities are rated as “high” rather than “critical,” according to the foundation, as they “do not result in data compromise or exposure.” Matrix notes that it is not aware of the issues being exploited.
Avakian explained that, if not addressed immediately, the two serious flaws could allow hackers to disrupt conversations and trusted communications. One could let a bad actor take over “creator” powers for a chat room, allowing them to make changes, redirect people to a different room, or shut the room down altogether. The other could let someone predict a room’s address before the creator initiates it, which could cause confusion or allow threat actors to set up a fake version of a room.
This could allow them to “potentially spread misinformation, trick people into sharing information, or simply shut down communication channels critical to business or during a crisis or sensitive project,” he said.
On Friday, the Matrix Foundation reached out to CSO Online with further information about the vulnerabilities.
Matrix security researcher and programmer Denis Kasak clarified that these vulnerabilities can only be exploited by servers (or server operators) that have previously participated in the room in question. An arbitrary network attacker cannot use them to gain access to a room, even if the server is allowed to federate with other servers.
He also noted that while CVE-2025-49090 allows a room member to potentially reset the room’s state to an earlier value, it does not grant administrative or creator privileges.
In addition, he said, CVE-2025-54315 is a soundness issue “with no known exploitation path,” being fixed purely as a precaution. “It does not involve predicting a room ID, and even if a future room ID could be guessed, cryptographic signatures prevent other servers from creating a valid fake room,” said Kasak.
New MSCs bundled into version 12
Matrix said it made the “unusual decision” to embargo MSCs due to risk of exploitation. They include:
MSC4289: Makes it explicit that room creators have ‘infinite’ power. “Access control requires a hierarchy, and the creator is at the top of this hierarchy,” Matrix explains. This also allows admins to promote other users to admin or demote themselves should they lose control of their rooms. “If creators go rogue or disappear, the solution is to establish a new creator by either upgrading the room or creating a new one.”
MSC4291: Changes the format of room IDs so that a room’s ID is derived from the ID of its create event. Matrix explains that this is a precautionary measure to prevent a theoretical class of attacks where malicious admins introduce forged events in a room to hijack it.
MSC4297: Protects against ‘state resets’ that revert a room to an earlier state. Such resets can re-add users who had left a room, or cause the server to stop recognizing users who were present.
These MSCs are bundled into Room Version 12, which is expected to be formally released later this month.
Upgrade now, be picky about connections long-term
Matrix users and server administrators are advised to upgrade servers and clients to the latest versions and ensure they support the upcoming Room Version 12.
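Verifying that a homeserver offers Room Version 12 and finding the rooms that still sit on an older version can be done with documented Client-Server API endpoints (capabilities, joined_rooms, the m.room.create state event and the room upgrade endpoint). The script below is an added example written for this page, not code from the Matrix Foundation or the article; the homeserver URL, access token, room IDs and the sample JSON responses it replays offline are constructed assumptions.

```python
"""Audit and upgrade rooms to Room Version 12 over the Matrix Client-Server API.

Added example, not code from the Matrix Foundation or from the article.
Only documented endpoints are used; the HTTP layer is injected so the audit
can be run offline against the constructed sample responses at the bottom.
"""
import json
import urllib.parse
import urllib.request
from typing import Callable, Dict, List, Optional

TARGET_ROOM_VERSION = "12"  # bundles MSC4289, MSC4291 and MSC4297

# fetch(method, path, body) -> decoded JSON response
Fetch = Callable[[str, str, Optional[dict]], dict]


def make_http_fetch(base_url: str, access_token: str) -> Fetch:
    """Real transport: bearer-authenticated JSON calls against a homeserver."""
    def fetch(method: str, path: str, body: Optional[dict] = None) -> dict:
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(base_url + path, data=data, method=method)
        req.add_header("Authorization", f"Bearer {access_token}")
        req.add_header("Content-Type", "application/json")
        with urllib.request.urlopen(req) as resp:
            return json.load(resp)
    return fetch


def server_supports_version(fetch: Fetch, version: str = TARGET_ROOM_VERSION) -> bool:
    """GET /capabilities lists the room versions the server can create or join."""
    caps = fetch("GET", "/_matrix/client/v3/capabilities", None)
    available = caps.get("capabilities", {}).get("m.room_versions", {}).get("available", {})
    return version in available


def room_version(fetch: Fetch, room_id: str) -> str:
    """Read room_version from the room's m.room.create state event content."""
    path = f"/_matrix/client/v3/rooms/{urllib.parse.quote(room_id, safe='')}/state/m.room.create"
    content = fetch("GET", path, None)
    # Per the spec, a create event without room_version denotes a version 1 room.
    return str(content.get("room_version", "1"))


def rooms_needing_upgrade(fetch: Fetch, target: str = TARGET_ROOM_VERSION) -> List[str]:
    """Every joined room whose version is not already the target."""
    joined = fetch("GET", "/_matrix/client/v3/joined_rooms", None)["joined_rooms"]
    return [r for r in joined if room_version(fetch, r) != target]


def upgrade_room(fetch: Fetch, room_id: str, target: str = TARGET_ROOM_VERSION) -> dict:
    """POST /rooms/{id}/upgrade creates a replacement room and tombstones the old one.
    Members, bots and bridges must follow the tombstone, so update them first."""
    path = f"/_matrix/client/v3/rooms/{urllib.parse.quote(room_id, safe='')}/upgrade"
    return fetch("POST", path, {"new_version": target})


# ---- constructed sample responses (assumed shapes, not captured from a real server) ----
_LEGACY = urllib.parse.quote("!legacy:example.org", safe="")
_CURRENT = urllib.parse.quote("!current:example.org", safe="")
SAMPLE_RESPONSES: Dict[tuple, dict] = {
    ("GET", "/_matrix/client/v3/capabilities"): {
        "capabilities": {"m.room_versions": {
            "default": "12",
            "available": {"10": "stable", "11": "stable", "12": "stable"}}}},
    ("GET", "/_matrix/client/v3/joined_rooms"): {
        "joined_rooms": ["!legacy:example.org", "!current:example.org"]},
    ("GET", f"/_matrix/client/v3/rooms/{_LEGACY}/state/m.room.create"): {
        "creator": "@alice:example.org", "room_version": "10"},
    ("GET", f"/_matrix/client/v3/rooms/{_CURRENT}/state/m.room.create"): {
        "room_version": "12"},
    ("POST", f"/_matrix/client/v3/rooms/{_LEGACY}/upgrade"): {
        "replacement_room": "!legacy-v12:example.org"},
}


def sample_fetch(method: str, path: str, body: Optional[dict] = None) -> dict:
    """Offline transport that replays SAMPLE_RESPONSES."""
    return SAMPLE_RESPONSES[(method, path)]


if __name__ == "__main__":
    # For a live audit swap in make_http_fetch("https://matrix.example.org", "<token>").
    if not server_supports_version(sample_fetch):
        raise SystemExit("homeserver does not offer room version 12 yet; upgrade the server first")
    for room in rooms_needing_upgrade(sample_fetch):
        print(room, "->", upgrade_room(sample_fetch, room)["replacement_room"])
```

The audit checks the server before touching any room: if `m.room_versions.available` lacks "12", upgrading rooms is impossible and the server itself needs patching first. The upgrade call is deliberately separate from the audit so it can be run room by room after a test pass; each upgrade leaves a tombstone in the old room that clients, bots and integrations must follow, which is why they need updating before the rooms are moved.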
Avakian recommends updating all clients and bots, including any applications, integrations, or automated tools connected to a Matrix server. Connections to external sites should be limited where possible, and administrators and key users should be alerted about the changes immediately.
“As with any critical change, employing a test-first approach will avoid the potential for breaking things for end users and disrupting business,” he said.
Long-term, he urged, be “picky” about who you connect to, only allow federation with trusted servers, and ensure that the true “creator” is the only one able to perform certain changes or actions. Monitor regularly through event logging, and review important room changes for suspicious activity. And always apply patches and updates, but only after appropriate testing.
“Also, it’s important to keep zero trust principles in mind,” said Avakian. “Treat other servers with caution, even if they’re part of your network, and secure accordingly.”
Updated with additional information from Matrix about the flaws.