
CVE-2025-24024

Critical

Published: 21 January 2025
Modified: 15 April 2026
CISA KEV: not listed
Patch: available (upgrade to Mjolnir 1.9.1 or later)
CVSS v3.1 base score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)
EPSS score: 0.0023 (46.0th percentile)
Risk priority: 18 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-24024 is a critical-severity vulnerability in Mjolnir 1.9.0, classified as CWE-671 (Lack of Administrator Control over Security), with a CVSS v3.1 base score of 9.1.

Operationally, exploitation maps to the MITRE ATT&CK technique T1190 (Exploit Public-Facing Application). EPSS ranks it at the 46.0th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are the NIST 800-53 controls AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-24024 is a critical-severity vulnerability (CVSS 9.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H) affecting Mjolnir version 1.9.0, an open-source moderation bot for Matrix. The flaw stems from the bot responding to management commands issued from any room it is a member of, rather than restricting them to its authorized operator (management) room. This defect, introduced by a feature new in 1.9.0, exposes the bot's full range of functions to anyone who shares a room with it, including server administration capabilities if those components are enabled (CWE-671: Lack of Administrator Control over Security).

Any user present in a room that the Mjolnir v1.9.0 bot has joined can exploit this vulnerability remotely over the network with low complexity and no user interaction. No privileges on the bot are required (hence PR:N); ordinary room membership is enough. An attacker can issue management commands to manipulate the bot's behavior, such as banning users, changing room settings, or, where configured, running server-level administrative actions, leading to high integrity and availability impact (C:N/I:H/A:H); confidentiality is not affected.

Mitigation involves upgrading to Mjolnir version 1.9.1, which reverts the problematic feature, or version 1.9.2, which reintroduces it with proper safeguards. If upgrading to 1.9.1 or later is not feasible, administrators should downgrade to version 1.8.3. Details are available in the GitHub security advisory (GHSA-3jq6-xc85-m394) and related commits (b437fa16 and d0ef527a).
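The following TypeScript sketch is an added example, not Mjolnir's code, and does not reproduce the specific 1.9.0 change. It shows the class of bug the advisory describes: a command dispatcher that acts on any well-formed command regardless of origin (vulnerable) beside one that first checks the event's room against the configured management room and then an optional sender allowlist (hardened). The event shape, the `!mjolnir` prefix, the `ban` command syntax, the room and user IDs, and the `operatorUserIds` option are all assumptions made for this example.

```typescript
// Added example (not Mjolnir's code). Minimal command dispatcher for a Matrix
// moderation bot, comparing an origin-blind check with a room-gated check.

interface MatrixEvent {
  room_id: string;                            // room the event was sent in
  sender: string;                             // Matrix user ID of the sender
  type: string;                               // e.g. "m.room.message"
  content: { msgtype?: string; body?: string };
}

interface BotConfig {
  managementRoom: string;        // the only room allowed to issue commands
  operatorUserIds?: string[];    // optional per-user allowlist (assumption for this example)
  commandPrefix: string;         // assumed "!mjolnir"
}

interface Decision {
  accepted: boolean;
  reason: string;
  command?: string;
}

// Extract the command text after the prefix, or null if the event is not a command.
function parseCommand(ev: MatrixEvent, prefix: string): string | null {
  if (ev.type !== "m.room.message") return null;
  if (ev.content.msgtype !== "m.text") return null;
  const body = (ev.content.body ?? "").trim();
  if (body.slice(0, prefix.length + 1) !== prefix + " ") return null;
  return body.slice(prefix.length + 1).trim();
}

// Vulnerable pattern: checks only that the text looks like a command,
// never which room (or who) it came from.
function dispatchVulnerable(ev: MatrixEvent, cfg: BotConfig): Decision {
  const cmd = parseCommand(ev, cfg.commandPrefix);
  if (cmd === null) return { accepted: false, reason: "not a command" };
  return { accepted: true, reason: "command prefix matched", command: cmd };
}

// Hardened pattern: gate on origin room first, then on sender, then parse.
function dispatchHardened(ev: MatrixEvent, cfg: BotConfig): Decision {
  if (ev.room_id !== cfg.managementRoom) {
    return { accepted: false, reason: `ignored: ${ev.room_id} is not the management room` };
  }
  if (cfg.operatorUserIds && cfg.operatorUserIds.indexOf(ev.sender) === -1) {
    return { accepted: false, reason: `ignored: ${ev.sender} is not an operator` };
  }
  const cmd = parseCommand(ev, cfg.commandPrefix);
  if (cmd === null) return { accepted: false, reason: "not a command" };
  return { accepted: true, reason: "command from management room", command: cmd };
}

// Constructed configuration and sample events (not captured traffic).
const CONFIG: BotConfig = {
  managementRoom: "!mgmt:example.org",
  operatorUserIds: ["@admin:example.org"],
  commandPrefix: "!mjolnir",
};

const EVENTS: MatrixEvent[] = [
  // legitimate: operator, management room
  { room_id: "!mgmt:example.org", sender: "@admin:example.org", type: "m.room.message",
    content: { msgtype: "m.text", body: "!mjolnir ban coc @spammer:example.org spam" } },
  // attack: ordinary member of a public room the bot also joined
  { room_id: "!public:example.org", sender: "@anyone:example.org", type: "m.room.message",
    content: { msgtype: "m.text", body: "!mjolnir ban coc @victim:example.org abuse" } },
  // noise: plain chat
  { room_id: "!public:example.org", sender: "@anyone:example.org", type: "m.room.message",
    content: { msgtype: "m.text", body: "hello" } },
  // management room but a non-operator sender
  { room_id: "!mgmt:example.org", sender: "@guest:example.org", type: "m.room.message",
    content: { msgtype: "m.text", body: "!mjolnir ban coc @victim:example.org abuse" } },
];

// Run every sample event through one dispatcher and return the accept/reject pattern.
function runAll(dispatch: (ev: MatrixEvent, cfg: BotConfig) => Decision): boolean[] {
  return EVENTS.map((ev) => dispatch(ev, CONFIG).accepted);
}

console.log("vulnerable:", runAll(dispatchVulnerable)); // [ true, true, false, true ]
console.log("hardened:  ", runAll(dispatchHardened));   // [ true, false, false, false ]
```

The ordering in `dispatchHardened` is the point: the origin check runs before any command parsing, so a well-formed command from the wrong room is dropped without being interpreted. The sender allowlist is an extra layer beyond what the advisory describes and is optional.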


Vulnerability details

Mjolnir is a moderation tool for Matrix. Mjolnir v1.9.0 responds to management commands from any room the bot is member of. This can allow users who aren't operators of the bot to use the bot's functions, including server administration components if enabled. Version 1.9.1 reverts the feature that introduced the bug, and version 1.9.2 reintroduces the feature safely. Downgrading to version 1.8.3 is recommended if upgrading to 1.9.1 or higher isn't possible.


MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Because the bot does not restrict management commands to its operator room, any user who shares a room with the publicly reachable Mjolnir bot can remotely issue commands to it. That is exploitation of a public-facing application for initial access to the bot's capabilities.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0


Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)

Timely flaw remediation, by upgrading to Mjolnir v1.9.1 or v1.9.2 or downgrading to v1.8.3, removes the code path that accepts management commands from arbitrary rooms.

AC-3 Access Enforcement (prevent)

Enforcing approved authorizations so that the bot acts on management commands only from its designated operator room prevents users in other rooms from driving the bot.

AC-6 Least Privilege (prevent)

Applying least privilege to the bot's own functions, for example leaving server administration components disabled unless they are needed, limits the impact of a command issued from a non-operator room.
