How severe is CVE-2025-24024?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2025-24024?

This is classified as CWE-671, which is a common weakness in software security.

CVE-2025-24024

CRITICAL Year: 2025

CVSS v3 Score

9.1

Critical

Weakness Type

CWE-671

View all →

Vulnerability Description

Mjolnir is a moderation tool for Matrix. Mjolnir v1.9.0 responds to management commands from any room the bot is member of. This can allow users who aren't operators of the bot to use the bot's functions, including server administration components if enabled. Version 1.9.1 reverts the feature that introduced the bug, and version 1.9.2 reintroduces the feature safely. Downgrading to version 1.8.3 is recommended if upgrading to 1.9.1 or higher isn't possible.

CVE-2018-13283

HIGH

CVSS:7.4(High)

Lack of administrator control over security vulnerability in client.cgi in Synology SSL VPN Client before 1.2.5-0226 allows remote attackers to conduct man-in-the-middle attacks via the (1) command, (...

CWE-6712018

CVE-2018-13283

HIGH

CVSS:7.4(High)

CWE-6712018

CVE-2023-20115

MEDIUM

CVSS:5.4(Medium)

A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or ov...

CWE-6712023

CVE-2022-29163

MEDIUM

CVSS:4.3(Medium)

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.6 and 23.0.3, a user can create a link that is not password protected even if th...

CWE-6712022

CVE-2025-24024

Vulnerability Description

Related Vulnerabilities

CVE-2018-13283

CVE-2018-13283

CVE-2023-20115

CVE-2022-29163