
CVE-2022-39249: CWE-322: Key Exchange without Entity Authentication in matrix-org matrix-js-sdk

Severity: Medium
Published: Wed Sep 28 2022 (09/28/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: matrix-org
Product: matrix-js-sdk

Description

Matrix JavaScript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible because the matrix-js-sdk implements an overly permissive key forwarding strategy on the receiving end. Starting with version 19.7.0, the default policy for accepting key forwards has been made stricter in the matrix-js-sdk. matrix-js-sdk will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a `trusted` flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with `trusted = false` are decorated appropriately, for example, by showing a warning for such messages. This attack requires coordination between a malicious homeserver and an attacker, and those who trust their homeservers do not need a workaround.

AI-Powered Analysis

Last updated: 06/22/2025, 16:53:06 UTC

Technical Analysis

CVE-2022-39249 is a vulnerability in the matrix-js-sdk, the JavaScript client-server SDK for the Matrix decentralized communication protocol. Prior to version 19.7.0, the SDK implemented a permissive key forwarding strategy on the receiving end, without proper entity authentication of the party forwarding the key. This flaw allows a malicious homeserver, in cooperation with an attacker, to inject messages that appear to originate from another legitimate user. Although some client platforms mark such messages with a grey shield indicating potential untrustworthiness, other platforms may lack this visual warning, increasing the risk of deception. The root cause is the SDK accepting forwarded encryption keys without verifying that they come from verified devices or arrive in response to legitimate key requests. This lack of strict authentication in key exchange (CWE-322) and improper authentication (CWE-287) enables attackers to impersonate users by forwarding keys maliciously. Starting with version 19.7.0, the matrix-js-sdk enforces a stricter policy: it only accepts forwarded keys in response to previously issued requests and exclusively from the user's own verified devices. Additionally, the SDK now sets a `trusted` flag on decrypted messages based on the trustworthiness of the key source. Clients are responsible for visually indicating when messages are decrypted with untrusted keys, such as by displaying warnings. Exploitation requires coordination between a malicious homeserver and an attacker, so users who trust their homeservers do not need a workaround. No known exploits have been reported in the wild to date.
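The two acceptance policies and the `trusted` flag described above, reduced to a small model. This is an added example, not matrix-js-sdk code: every function and field name is hypothetical, the users and session IDs are constructed, and decryption is simulated by a key lookup.

```javascript
// Simplified model of the forwarded-key policy; not matrix-js-sdk source.
// All function and field names are hypothetical; decryption is a key lookup.
const keyId = (roomId, sessionId) => `${roomId}|${sessionId}`;

// 19.7.0+ rule as the advisory states it: the forward must answer a request
// this client issued AND come from one of the user's own verified devices.
function strictPolicy(fwd, state) {
  return state.pendingRequests.has(keyId(fwd.roomId, fwd.sessionId)) &&
    fwd.fromUserId === state.ownUserId &&
    state.verifiedOwnDevices.has(fwd.fromDeviceId);
}

// Model of the pre-19.7.0 "too permissive" strategy: no check (assumption).
const permissivePolicy = () => true;

// Store a forwarded key if the policy allows it, recording its provenance.
function receiveForward(fwd, state, policy) {
  if (!policy(fwd, state)) return false;
  state.sessionKeys.set(keyId(fwd.roomId, fwd.sessionId), {
    key: fwd.sessionKey,
    trusted: strictPolicy(fwd, state),
  });
  return true;
}

// Stand-in for decryption: succeeds when a key for the session is stored and
// copies that key's provenance onto the result as the `trusted` flag.
function decrypt(event, state) {
  const entry = state.sessionKeys.get(keyId(event.roomId, event.sessionId));
  if (!entry) return null;
  return { sender: event.claimedSender, body: event.body, trusted: entry.trusted };
}

// Client-side decoration: an untrusted result is never shown without a warning.
function render(msg) {
  const line = `${msg.sender}: ${msg.body}`;
  return msg.trusted ? line : `[!] unverified key source | ${line}`;
}

// Constructed sample state and forwards (not captured traffic).
function newState() {
  return { ownUserId: "@alice:example.org", verifiedOwnDevices: new Set(["ALICEPHONE"]),
    pendingRequests: new Set([keyId("!room:example.org", "sess-legit")]), sessionKeys: new Map() };
}
const unsolicited = { roomId: "!room:example.org", sessionId: "sess-forged",
  sessionKey: "k1", fromUserId: "@mallory:example.org", fromDeviceId: "MALDEV" };
const solicited = { roomId: "!room:example.org", sessionId: "sess-legit",
  sessionKey: "k2", fromUserId: "@alice:example.org", fromDeviceId: "ALICEPHONE" };
console.log(receiveForward(unsolicited, newState(), strictPolicy)); // false
```

Under the permissive model the unsolicited key is stored and a message claiming any sender decrypts, which is why the `trusted` flag and the warning in `render` matter for keys whose source did not meet the strict rule.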

Potential Impact

For European organizations utilizing Matrix-based communication platforms that rely on the matrix-js-sdk versions prior to 19.7.0, this vulnerability poses a significant risk to message authenticity and integrity. An attacker controlling or cooperating with a malicious homeserver can impersonate legitimate users, potentially leading to misinformation, social engineering attacks, or unauthorized disclosure of sensitive information. The grey shield warning is not consistently displayed across all client platforms, which may cause users to unknowingly trust forged messages. This undermines the confidentiality and integrity of communications, potentially impacting sectors where secure messaging is critical, such as government, finance, healthcare, and critical infrastructure. The decentralized nature of Matrix means that organizations operating their own homeservers or relying on trusted homeservers are less at risk, but those using third-party or less trusted homeservers face higher exposure. The attack does not directly impact availability but can severely damage trust in communication channels, which is crucial for operational security and compliance with data protection regulations like GDPR.

Mitigation Recommendations

European organizations should immediately upgrade all instances of matrix-js-sdk to version 19.7.0 or later to benefit from the stricter key forwarding policies and trusted flag implementation. Organizations operating their own homeservers should enforce strict verification of devices and key requests, ensuring that only keys from verified devices are accepted. Client applications must be updated or configured to prominently display warnings or visual indicators when messages are decrypted with untrusted keys, preventing users from being misled by forged messages. Additionally, organizations should audit their homeserver configurations to ensure they do not inadvertently cooperate with malicious actors and consider implementing monitoring to detect unusual key forwarding or message patterns indicative of attempted impersonation. Training users to recognize and report suspicious messages, especially those lacking trust indicators, will further reduce risk. Finally, organizations should consider segmenting communication channels and limiting the use of third-party homeservers to reduce exposure to malicious intermediaries.
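One way to confirm that every installed copy of matrix-js-sdk in a Node.js project is at 19.7.0 or later, including copies nested under other dependencies. This is an added example, not part of the original advisory: the helper names and the sample lockfile are constructed, and it assumes a `package-lock.json` with lockfileVersion 2 or 3.

```javascript
// Lockfile audit for matrix-js-sdk < 19.7.0; helper names are hypothetical.
const FIXED = [19, 7, 0]; // first fixed release per the advisory

// True when `version` sorts before 19.7.0. Pre-releases of 19.7.0 itself
// (e.g. "19.7.0-rc.1") count as below, following semver precedence.
function isBelowFixed(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(version);
  if (!m) return true; // missing or unparseable: flag for manual review
  for (let i = 0; i < 3; i++) {
    const n = Number(m[i + 1]);
    if (n !== FIXED[i]) return n < FIXED[i];
  }
  return /^\d+\.\d+\.\d+-/.test(version);
}

// Walk the "packages" map of a parsed package-lock.json and report every
// installed copy of matrix-js-sdk below the fixed version, nested or not.
function findVulnerableCopies(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith("node_modules/matrix-js-sdk")) continue;
    const version = String(meta.version || "");
    if (isBelowFixed(version)) hits.push({ path, version });
  }
  return hits;
}

// Constructed sample lockfile (package names other than matrix-js-sdk are made up).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-client" },
    "node_modules/matrix-js-sdk": { version: "19.7.0" },
    "node_modules/chat-widget/node_modules/matrix-js-sdk": { version: "19.4.0" },
    "node_modules/legacy-bot/node_modules/matrix-js-sdk": { version: "9.11.0" },
  },
};
console.log(findVulnerableCopies(sampleLock));
```

Against a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` instead of `sampleLock`.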


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2022-09-02T00:00:00.000Z
CISA Enriched: true

Threat ID: 682d9845c4522896dcbf4485

Added to database: 5/21/2025, 9:09:25 AM

Last enriched: 6/22/2025, 4:53:06 PM

Last updated: 7/29/2025, 1:07:25 PM
