RUSTSEC-2025-0065: 
Rust vulnerability analysis and mitigation

The vulnerability (RUSTSEC-2025-0065) affects the matrix-sdk-base Rust package versions prior to 0.14.1, where calling the RoomMember::normalizedpowerlevel() method can trigger a panic if a room member has a power level of Int::Min. The issue was discovered and disclosed on September 11, 2025 (GitHub Advisory).

The vulnerability exists in the RoomMember::normalizedpowerlevel() method implementation within the matrix-sdk-base package. The method fails to properly handle the edge case where a room member's power level is set to the minimum integer value (Int::Min), resulting in a panic condition. The vulnerability has been assigned a Low severity rating (GitHub Advisory).

The impact of this vulnerability is limited to potential denial of service through application crashes when the affected method is called with specific power level values. Since the vulnerable method is not used internally by the library, the impact is confined to external callers of the RoomMember::normalizedpowerlevel() method (GitHub Advisory).

The vulnerability has been patched in matrix-sdk-base version 0.14.1. For users unable to upgrade immediately, a workaround is available by avoiding calls to the RoomMember::normalizedpowerlevel() method, as this method is not used internally by the library (GitHub Advisory).