What is the severity of CVE-2025-23197?

CVE-2025-23197 is classified as a Denial of Service (DoS) vulnerability.

How do I fix CVE-2025-23197?

To address CVE-2025-23197, upgrade to Matrix Hookshot version 6.0.2 or above, or version 5.4.2 or above.

Which versions of Matrix Hookshot are affected by CVE-2025-23197?

Matrix Hookshot versions 6.0.1 and below, and versions 5.4.1 and below are affected by CVE-2025-23197.

What type of attack does CVE-2025-23197 enable?

CVE-2025-23197 enables a Denial of Service (DoS) attack that can crash the application.

Is CVE-2025-23197 specific to a particular configuration of Matrix Hookshot?

Yes, CVE-2025-23197 is specifically triggered when Matrix Hookshot is configured with GitHub support.

Vulnerability/
CVE-2025-23197

medium

6.5

CWE

754

EPSS

0.043%

27/1/2025

12/2/2025

CVE-2025-23197: matrix-hookshot has a Potential Denial of Service when Hookshot is configured with GitHub support

First published: Mon Jan 27 2025(Updated: )

matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. When Hookshot 6 version 6.0.1 or below, or Hookshot 5 version 5.4.1 or below, is configured with GitHub support, it is vulnerable to a Denial of Service (DoS) whereby it can crash on restart due to a missing check. The impact is greater to you untrusted users can add their own GitHub organizations to Hookshot in order to connect their room to a repository. This vulnerability is fixed in 6.0.2 and 5.4.2.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Matrix Hookshot	<6.0.1
Matrix Hookshot	<5.4.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2025-23197?
CVE-2025-23197 is classified as a Denial of Service (DoS) vulnerability.
How do I fix CVE-2025-23197?
To address CVE-2025-23197, upgrade to Matrix Hookshot version 6.0.2 or above, or version 5.4.2 or above.
Which versions of Matrix Hookshot are affected by CVE-2025-23197?
Matrix Hookshot versions 6.0.1 and below, and versions 5.4.1 and below are affected by CVE-2025-23197.
What type of attack does CVE-2025-23197 enable?
CVE-2025-23197 enables a Denial of Service (DoS) attack that can crash the application.
Is CVE-2025-23197 specific to a particular configuration of Matrix Hookshot?
Yes, CVE-2025-23197 is specifically triggered when Matrix Hookshot is configured with GitHub support.

collector/mitre-cve
source/MITRE
agent/weakness
agent/title
agent/references
agent/description
agent/type
agent/first-publish-date
agent/guess-ai
agent/software-canonical-lookup
agent/softwarecombine
collector/nvd-api
source/NVD
agent/author
agent/severity
agent/last-modified-date
agent/event
agent/source
agent/tags
collector/epss-latest
source/FIRST
agent/epss
vendor/matrix
canonical/matrix hookshot

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.