Miggo Logo
Miggo Vulnerability Database
CVE-2025-27146

CVE-2025-27146: Matrix IRC Bridge allows IRC command injection to own puppeted user

2.7

CVSS Score
3.1

Basic Information

CVE ID
CVE-2025-27146
GHSA ID
GHSA-5mvm-89c9-9gm5
EPSS Score
0.15991%
CWE
CWE-77
Published
2/25/2025
Updated
2/25/2025
KEV Status
No
Technology
TechnologyJavaScript

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
matrix-appservice-ircnpm< 3.0.43.0.4

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from improper input sanitization in the topic-setting functionality. The commit diff shows the patched version adds sanitization by replacing newlines with pipes in BridgedClient.ts. The original vulnerability (CWE-77/CWE-88) occurred because raw user-supplied topic data containing newline characters could terminate the TOPIC command and execute subsequent IRC commands. The affected function is clearly identified by the patch location and the vulnerability description matching command injection via topic manipulation.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t T** m*trix-*pps*rvi**-ir* *ri*** up to v*rsion *.*.* *ont*ins * vuln*r**ility w*i** **n l*** to *r*itr*ry IR* *omm*n* *x**ution *s t** pupp*t** us*r. T** *tt**k*r **n only inj**t *omm*n*s *x**ut** *s t**ir own IR* us*r. ### P*t***s T** vu

Reasoning

T** vuln*r**ility st*ms *rom improp*r input s*nitiz*tion in t** topi*-s*ttin* *un*tion*lity. T** *ommit *i** s*ows t** p*t**** v*rsion ***s s*nitiz*tion *y r*pl**in* n*wlin*s wit* pip*s in `*ri*****li*nt.ts`. T** ori*in*l vuln*r**ility (*W*-**/*W*-**