
CVE-2025-61672: Synapse's invalid device keys degrade federation functionality

CVSS Score: N/A

Basic Information

EPSS Score: -
Published: 10/8/2025
Updated: 10/8/2025
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: -

Package Name   | Ecosystem | Vulnerable Versions      | First Patched Version
matrix-synapse | pip       | < 1.138.3                | 1.138.3
matrix-synapse | pip       | >= 1.139.0rc2, < 1.139.1 | 1.139.1

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability lies in the lack of input validation when a user uploads end-to-end encryption keys via the /_matrix/client/v3/keys/upload API endpoint. The analysis of the patch commits 26aaaf9e48fff80cf67a20c691c75d670034b3c1 and 7069636c2d6d1ef2022287addf3ed8b919ef2740 reveals that the KeyUploadServlet.on_POST method in synapse/rest/client/keys.py was the primary point of failure. It accepted a JSON body from the user and passed it to the E2eKeysHandler.upload_keys_for_user function in synapse/handlers/e2e_keys.py without ensuring the data conformed to the expected structure. An attacker could provide an invalid data structure for device_keys, one_time_keys, or fallback_keys (e.g., a list instead of a dictionary). This would cause downstream processing in E2eKeysHandler.upload_keys_for_user to fail, leading to a persistent error state that would break outbound federation from the homeserver. The patch introduces strict validation at the API boundary using a Pydantic model (KeyUploadRequestBody) to reject any malformed requests immediately. Therefore, both the servlet method that accepts the input and the handler method that processes it are identified as key functions in the vulnerability.

Vulnerable functions

KeyUploadServlet.on_POST
synapse/rest/client/keys.py
This function is the entry point for the `/_matrix/client/v3/keys/upload` endpoint. It directly receives user-controlled data. Before the patch, it did not validate the structure of the `device_keys`, `one_time_keys`, or `fallback_keys` in the request body, allowing malformed data to be passed to downstream handlers, which could lead to unexpected behavior and degradation of service.
E2eKeysHandler.upload_keys_for_user
synapse/handlers/e2e_keys.py
This function is responsible for processing the uploaded keys and storing them. It was vulnerable because it would receive and attempt to process malformed key data from the `KeyUploadServlet`. The lack of proper validation upstream meant this function could be forced to handle unexpected data structures, leading to errors that would degrade federation functionality.
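As an added illustration of the API-boundary check described in the root cause analysis and in the two function notes above (example code, not Synapse's own), the validator below rejects the malformed shapes that `KeyUploadServlet.on_POST` used to pass through, such as a list where `device_keys`, `one_time_keys` or `fallback_keys` must be a JSON object, before anything reaches `upload_keys_for_user`. It uses plain structural checks instead of the Pydantic model the real patch adds so that it runs on the standard library alone; the field layout follows the Matrix client-server key upload format, and the sample bodies are constructed.

```python
# Added example, not Synapse code: plain structural checks stand in for the
# Pydantic model the patch adds; malformed bodies never reach the handler.
from typing import Any

class BadRequest(ValueError):
    """Raised for a body whose shape does not match the key upload format."""

def _check_key_map(name: str, value: Any) -> None:
    # one_time_keys / fallback_keys: object keyed "<algorithm>:<key_id>", each
    # value either a bare key string or a signed key object.
    if not isinstance(value, dict):
        raise BadRequest(f"{name} must be an object, got {type(value).__name__}")
    for key_id, key in value.items():
        if not isinstance(key_id, str) or ":" not in key_id:
            raise BadRequest(f"{name} entry {key_id!r} is not '<algorithm>:<key_id>'")
        if not isinstance(key, (str, dict)):
            raise BadRequest(f"{name} entry {key_id!r} must be a string or object")

def validate_key_upload_body(body: Any) -> dict:
    """Return the body unchanged if it is well-formed, else raise BadRequest."""
    if not isinstance(body, dict):
        raise BadRequest("request body must be a JSON object")
    dk = body.get("device_keys")
    if dk is not None:  # DeviceKeys object: user_id, device_id, algorithms, keys, ...
        if not isinstance(dk, dict):
            raise BadRequest(f"device_keys must be an object, got {type(dk).__name__}")
        if not all(isinstance(dk.get(f), str) for f in ("user_id", "device_id")):
            raise BadRequest("device_keys.user_id and device_keys.device_id must be strings")
        if not isinstance(dk.get("algorithms"), list) or not isinstance(dk.get("keys"), dict):
            raise BadRequest("device_keys.algorithms must be a list, device_keys.keys an object")
    for name in ("one_time_keys", "fallback_keys"):
        if name in body:
            _check_key_map(name, body[name])
    return body

def classify(body: Any) -> str:  # "ok", or the Matrix errcode the client would receive
    try:
        validate_key_upload_body(body)
        return "ok"
    except BadRequest:
        return "M_BAD_JSON"

# Constructed sample bodies; "PLACEHOLDER" stands in for base64 key material.
GOOD_BODY = {
    "device_keys": {"user_id": "@alice:example.org", "device_id": "DEV1",
                    "algorithms": ["m.olm.v1.curve25519-aes-sha2"],
                    "keys": {"curve25519:DEV1": "PLACEHOLDER"}, "signatures": {}},
    "one_time_keys": {"signed_curve25519:AAAAHQ": {"key": "PLACEHOLDER", "signatures": {}}},
    "fallback_keys": {"signed_curve25519:AAAAGj": {"key": "PLACEHOLDER", "fallback": True}}}
LIST_NOT_OBJECT = {"device_keys": [], "one_time_keys": {}}  # the shape the advisory names
```

Running `classify(LIST_NOT_OBJECT)` yields the error code instead of letting the list travel into the handler, which is the boundary the patch enforces.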
