CVE-2025-68667: Unauthenticated Attackers Can Force Matrix Servers to Sign Fake Membership Events

Executive Summary

CVE-2025-68667 is a high-risk security vulnerability affecting Continuwuity, a Matrix homeserver written in Rust. The flaw allows a remote, unauthenticated attacker to coerce a vulnerable server into cryptographically signing arbitrary membership events.

Although the issue does not directly enable code execution, it undermines one of the most critical security guarantees in Matrix federation: trust in signed events. If exploited, this vulnerability can lead to forged room membership events, federation trust poisoning, and long-term integrity issues across federated servers.

The vulnerability has been fixed in Continuwuity version 0.5.0. Systems running earlier versions are exposed and should be updated immediately.


Quick Facts

  • CVE ID: CVE-2025-68667
  • Affected software: Continuwuity (Matrix homeserver)
  • Severity: High
  • Attack vector: Remote
  • Authentication required: No
  • User interaction: None
  • Impact type: Integrity compromise / trust abuse
  • Affected versions: All versions prior to 0.5.0
  • Fixed version: 0.5.0

What the Vulnerability Is

Matrix servers rely on cryptographic signatures to prove that events—such as room membership changes—are legitimate and authorized. When a server signs an event, other servers in the federation trust that signature.

This vulnerability allows an attacker to make a Continuwuity server sign membership events without verifying who requested the signature. As long as the request references a valid local user ID, the server proceeds with signing, even if the request comes from an untrusted or completely unknown source.

In simple terms:
The server checks “Does this look like one of my users?” but fails to check “Who is asking me to sign this?”


Root Cause

The flaw exists in the handling of federation invite requests. When processing a signing request, the server validates only that the state_key belongs to a local user. It does not validate the origin of the request or confirm that it came from a trusted federated server.

This missing origin validation allows unauthenticated external actors to abuse the signing logic.


How This Vulnerability Can Be Exploited

Exploitation Prerequisites

An attacker needs:

  • Network access to the target server
  • Knowledge of at least one valid local Matrix user ID
  • No authentication, credentials, or federation trust

These requirements make exploitation relatively easy.


Exploitation Scenario 1: Forged Membership Events

  1. The attacker sends a crafted request to the federation invite endpoint: PUT /_matrix/federation/v2/invite/{roomId}/{eventId}
  2. The request includes a state_key set to a valid local user ID.
  3. The server validates the user ID but not the request origin.
  4. The server cryptographically signs the membership event.
  5. The attacker obtains a signed event that appears legitimate to other servers.
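To make the missing check concrete, the following is an added illustration of the decision described in Root Cause and Scenario 1, not Continuwuity's code: the request shape, field names and server names are assumed simplifications of the federation invite flow, with the pre-0.5.0 logic beside an origin-validated version.

```python
from dataclasses import dataclass
from typing import Optional

# Added example, not Continuwuity's code: a hypothetical model of the signing
# decision for PUT /_matrix/federation/v2/invite/{roomId}/{eventId}.
LOCAL_SERVER = "example.org"  # constructed name of the server handling the request


@dataclass
class InviteRequest:
    origin: Optional[str]  # server named in the federation Authorization header, if any
    authenticated: bool    # whether that header's signature verified against origin's keys
    sender: str            # event sender, e.g. "@alice:partner.example.net"
    state_key: str         # invited user, e.g. "@bob:example.org"


def server_of(user_id: str) -> str:
    """Return the homeserver part of a Matrix user ID (@localpart:server)."""
    return user_id.split(":", 1)[1]


def vulnerable_should_sign(req: InviteRequest) -> bool:
    """Behaviour the advisory describes for versions before 0.5.0: only the
    state_key is checked for being a local user; who is asking is never checked."""
    return server_of(req.state_key) == LOCAL_SERVER


def hardened_should_sign(req: InviteRequest) -> bool:
    """Origin-validated version: the request must carry a verified federation
    origin and the event sender must belong to that origin. Only then does the
    local-user check on state_key mean anything."""
    if not req.authenticated or req.origin is None:
        return False  # unauthenticated or anonymous requester: refuse to sign
    if server_of(req.sender) != req.origin:
        return False  # a server may only invite on behalf of its own users
    return server_of(req.state_key) == LOCAL_SERVER
```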

Exploitation Scenario 2: Federation Trust Poisoning

By repeatedly abusing the signing logic, an attacker can:

  • Generate signed events that misrepresent room membership
  • Replay or distribute those events to other Matrix servers
  • Cause inconsistencies in room state across the federation

Because signed events are inherently trusted, this can have lasting and difficult-to-reverse effects.


Exploitation Scenario 3: Stealthy Long-Term Abuse

This vulnerability is particularly dangerous because:

  • It does not cause crashes or obvious failures
  • The server continues operating normally
  • Forged signed events blend in with legitimate traffic

An attacker could exploit this quietly over time, manipulating room history or trust relationships without immediate detection.


Why This Is Worse Than It Looks

This is not a traditional denial-of-service or crash bug. It is a trust-boundary violation.

In federated systems like Matrix, cryptographic signatures are the foundation of security. Once trust is abused, it is extremely difficult to determine which historical events are legitimate and which were forged.


Mitigation and Remediation

1. Apply the Official Patch

Upgrade Continuwuity to version 0.5.0 or later.
This version introduces proper validation of the origin of signing requests and fully resolves the vulnerability.

Official vendor advisory and patch:
https://github.com/nanbingxyz/5ire/security/advisories/GHSA-5hpf-p8fw-j349


2. Temporary Workaround (If Patching Is Delayed)

If immediate upgrading is not possible, reduce exposure by blocking the vulnerable endpoint at the reverse proxy level:

PUT /_matrix/federation/v2/invite/{roomId}/{eventId}

This prevents unauthenticated external requests from reaching the signing logic. Note that the same endpoint is how remote servers deliver legitimate invites to local users, so those invites will also fail while the block is in place.

This is a temporary mitigation and should not replace patching.


MITRE ATT&CK Mapping

This vulnerability aligns with the following MITRE ATT&CK techniques:

Primary Techniques

T1556 – Modify Authentication Process

  • The attacker abuses flaws in how authentication and trust are enforced for signing operations.

T1606.002 – Forge Web Credentials: Signing Keys

  • The attacker causes the server to cryptographically sign events it should not, effectively forging trusted artifacts.

Supporting Techniques

T1190 – Exploit Public-Facing Application

  • The vulnerable endpoint is exposed to the internet and exploitable without authentication.

T1587 – Develop Capabilities

  • Attackers may craft specialized federation requests and tooling to exploit signing logic.

T1078 – Valid Accounts (Abuse of Trust Relationships)

  • While not stealing credentials, the attacker abuses trust associated with valid local user identifiers.

Detection and Monitoring Strategy

Key Log Sources

To detect exploitation attempts, ensure visibility into:

  1. Continuwuity application logs
    • Federation request handling
    • Event signing operations
  2. Reverse proxy logs (Nginx, Traefik, HAProxy, etc.)
    • HTTP method
    • Request path
    • Source IP
    • Request frequency
  3. Federation debug or audit logs (if available)
    • Server identity information
    • Signing activity context

Detection Use Cases

Detection 1: Suspicious Federation Invite Requests

  • PUT requests to the federation invite endpoint
  • Requests originating from unknown or unexpected IPs
  • Lack of a known federated server relationship

Detection 2: Unexpected Signing Activity

  • Membership events signed without a corresponding legitimate join workflow
  • Signing events involving rarely used or inactive local users

Detection 3: Repeated or High-Volume Requests

  • Multiple signing attempts in a short time window
  • Requests targeting many different room or event IDs

Detection 4: Anomalous Federation Behavior

  • Requests missing expected federation metadata
  • Federation traffic that does not align with known peers
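Detection 1 and Detection 3 can be checked directly against reverse-proxy access logs. The script below is an added example, not part of this advisory or of Continuwuity; the log lines are constructed in nginx "combined" format, and the known-peer addresses and burst thresholds are assumptions to tune per deployment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Added example, not code from the advisory or from Continuwuity. Log lines are
# constructed in nginx "combined" format; peer IPs and thresholds are assumptions.
INVITE_PATH = re.compile(r"^/_matrix/federation/v2/invite/([^/]+)/([^/?]+)")
COMBINED = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                      r'"(?P<method>\S+) (?P<path>\S+) [^"]*" \d{3} \S+ "[^"]*" "[^"]*"$')
KNOWN_PEER_IPS = {"203.0.113.10"}   # constructed: addresses of expected federation partners
BURST_WINDOW = timedelta(minutes=5)
BURST_THRESHOLD = 3                 # distinct rooms from one IP inside the window

SAMPLE_LOG = """\
203.0.113.10 - - [12/Jan/2026:10:00:01 +0000] "PUT /_matrix/federation/v2/invite/!abc:partner.example.net/$ev1 HTTP/1.1" 200 512 "-" "Synapse/1.0"
198.51.100.7 - - [12/Jan/2026:10:01:15 +0000] "PUT /_matrix/federation/v2/invite/!abc:partner.example.net/$ev2 HTTP/1.1" 200 512 "-" "curl/8.0"
198.51.100.7 - - [12/Jan/2026:10:01:17 +0000] "PUT /_matrix/federation/v2/invite/!def:partner.example.net/$ev3 HTTP/1.1" 200 512 "-" "curl/8.0"
198.51.100.7 - - [12/Jan/2026:10:02:40 +0000] "PUT /_matrix/federation/v2/invite/!ghi:partner.example.net/$ev4 HTTP/1.1" 200 512 "-" "curl/8.0"
198.51.100.7 - - [12/Jan/2026:10:03:00 +0000] "GET /_matrix/client/versions HTTP/1.1" 200 90 "-" "curl/8.0"
"""

def parse_invite_puts(log_text):
    """Yield (source_ip, timestamp, room_id) for every PUT to the invite endpoint."""
    for line in log_text.splitlines():
        m = COMBINED.match(line)
        if not m or m["method"] != "PUT":
            continue
        p = INVITE_PATH.match(m["path"])
        if p:
            yield m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"), p.group(1)

def detect(log_text, known_peers=KNOWN_PEER_IPS):
    """Return {source_ip: sorted alert names}. 'unknown_source' flags invite PUTs
    from an IP outside known_peers (Detection 1); 'burst' flags one IP hitting the
    endpoint for >= BURST_THRESHOLD distinct rooms within BURST_WINDOW (Detection 3)."""
    alerts, per_ip = defaultdict(set), defaultdict(list)
    for ip, ts, room in parse_invite_puts(log_text):
        if ip not in known_peers:
            alerts[ip].add("unknown_source")
        per_ip[ip].append((ts, room))
    for ip, hits in per_ip.items():
        hits.sort()  # sliding window over this IP's requests in time order
        for i, (start, _) in enumerate(hits):
            if len({r for t, r in hits[i:] if t - start <= BURST_WINDOW}) >= BURST_THRESHOLD:
                alerts[ip].add("burst")
                break
    return {ip: sorted(names) for ip, names in alerts.items()}
```

Alerts from this script are a starting point for triage, not proof of exploitation; correlate them with the server's own signing logs described under Key Log Sources.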

Indicators of Compromise (IoCs)

  • Running Continuwuity versions earlier than 0.5.0
  • Unexpected membership entries signed by the server
  • Unusual room membership changes
  • Repeated access to the federation invite endpoint
  • User reports of unexplained room joins or state changes

Post-Compromise Response Steps

If exploitation is suspected:

  1. Immediately isolate the affected server from the network
  2. Preserve logs and relevant event data for investigation
  3. Assume federation trust may be compromised
  4. Rotate credentials or keys if necessary
  5. Rebuild and redeploy the server if integrity cannot be assured
  6. Patch before restoring federation connectivity

Final Takeaway

CVE-2025-68667 is a serious trust-integrity vulnerability. While it does not provide direct system compromise, it enables attackers to abuse cryptographic authority in a federated environment, which can have long-lasting and hard-to-detect consequences.

Immediate patching combined with enhanced monitoring is the correct and recommended response.


Aegiron

Backed by 11+ years in cybersecurity and incident response, we decode the latest threats shaping today’s digital battlefield. This blog cuts through the noise with clear insights on vulnerabilities, emerging exploits, and the cyber news defenders can’t afford to miss.