CVE-2025-23197
MEDIUM EPSS 34.9%
Published Jan 27, 20251y ago · Modified Jun 17, 20262w ago
6.5 CVSS 3.1
Published Jan 27, 2025 1y ago
Last Modified Jun 17, 2026 2w ago
Description
matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. When Hookshot 6 version 6.0.1 or below, or Hookshot 5 version 5.4.1 or below, is configured with GitHub support, it is vulnerable to a Denial of Service (DoS) whereby it can crash on restart due to a missing check. The impact is greater to you untrusted users can add their own GitHub organizations to Hookshot in order to connect their room to a repository. This vulnerability is fixed in 6.0.2 and 5.4.2.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
34.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-754
References 2
- github.com https://github.com/matrix-org/matrix-hookshot/commit/e51d8210233ac759e7f7dfebc2c4f1bf6ce94802
- github.com https://github.com/matrix-org/matrix-hookshot/security/advisories/GHSA-cr4q-jf47-3645
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.