Description

matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. When Hookshot 6 version 6.0.1 or below, or Hookshot 5 version 5.4.1 or below, is configured with GitHub support, it is vulnerable to a Denial of Service (DoS) whereby it can crash on restart due to a missing check. The impact is greater to you untrusted users can add their own GitHub organizations to Hookshot in order to connect their room to a repository. This vulnerability is fixed in 6.0.2 and 5.4.2.

INFO

Published Date :

2025-01-27T17:21:40.377Z

Last Modified :

2025-02-12T20:41:35.629Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-23197 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-23197.

URL Resource
https://github.com/matrix-org/matrix-hookshot/commit/e51d8210233ac759e7f7dfebc2c4f1bf6ce94802 cve-icon cve-icon
https://github.com/matrix-org/matrix-hookshot/security/advisories/GHSA-cr4q-jf47-3645 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact