What is the CVSS score of EUVD-2025-17711?

EUVD-2025-17711 has a CVSS 3.1 base score of 4.9 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N. EPSS exploitation probability: 0.1%.

Which versions of Suse are affected by EUVD-2025-17711?

Organizations using Rust. matrix-sdk-crypto since should be aware of moderate risk from CVE-2025-48937 rated CVSS 4.9. Exploitation could compromise the security of affected deployments.. A patch is available.

Is there a public PoC exploit available for EUVD-2025-17711?

Yes, a public proof-of-concept exploit is available for EUVD-2025-17711. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate EUVD-2025-17711?

Within 30 days: Identify affected systems running Rust. matrix-sdk-crypto since and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Suse EUVD-2025-17711

| CVE-2025-48937 MEDIUM

Authentication Bypass by Spoofing (CWE-290)

2025-06-10 security-advisories@github.com

GHSA-x958-rvg6-956w

Authentication Bypass Suse

4.9

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

4.9 MEDIUM

AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

SUSE

MEDIUM

qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 14, 2026 - 19:49 euvd

EUVD-2025-17711

Analysis Generated

Mar 14, 2026 - 19:49 vuln.today

PoC Detected

Jun 12, 2025 - 16:06 vuln.today

Public exploit code

CVE Published

Jun 10, 2025 - 16:15 nvd

MEDIUM 4.9

DescriptionGitHub Advisory

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. matrix-sdk-crypto since version 0.8.0 and up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those events appear to the recipient as if they were sent by another user. This vulnerability is fixed in 0.11.1 and 0.12.0.

Analysis

Technical ContextAI

An authentication bypass vulnerability allows attackers to circumvent login mechanisms and gain unauthorized access without valid credentials. This vulnerability is classified as Authentication Bypass by Spoofing (CWE-290).

RemediationAI

Implement robust authentication mechanisms. Use multi-factor authentication. Review authentication logic for bypass conditions. Remove default credentials.

Vendor StatusVendor

SUSE

Severity: Medium

Product	Status
openSUSE Tumbleweed	Fixed

EUVD-2025-17711 vulnerability details – vuln.today

Back

Suse EUVD-2025-17711

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

Analysis

Technical ContextAI

RemediationAI

Vendor StatusVendor

SUSE

Share

External POC / Exploit Code