CVE-2022-39835: n/a in n/a
An issue was discovered in Gajim through 1.4.7. The vulnerability allows attackers, via crafted XML stanzas, to correct messages that were not sent by them. The attacker needs to be part of the group chat or single chat. The fixed version is 1.5.0.
AI Analysis
Technical Summary
CVE-2022-39835 is a medium-severity vulnerability affecting Gajim, an open-source XMPP client used for instant messaging. The vulnerability exists in versions up to 1.4.7 and allows an attacker who is a participant in a group or single chat to manipulate message correction functionality via crafted XML stanzas. Specifically, the attacker can correct messages that were not originally sent by them, effectively altering the chat history or message content attributed to other users. This flaw arises from improper authorization checks (CWE-284) in the handling of message correction stanzas, enabling unauthorized message edits. The vulnerability does not require any privileges beyond being a member of the chat, nor does it require user interaction beyond sending crafted XML data. The fixed version addressing this issue is Gajim 1.5.0. The CVSS v3.1 base score is 5.3, reflecting a network attack vector with low complexity, no privileges required, no user interaction, and limited impact confined to message integrity without affecting confidentiality or availability. No known exploits have been reported in the wild to date.
Potential Impact
For European organizations using Gajim as a communication tool, this vulnerability could undermine the integrity of chat communications. Attackers who are part of the same chat group can alter messages sent by others, potentially causing misinformation, confusion, or reputational damage. This could be particularly impactful in sensitive environments such as corporate communications, legal discussions, or governmental messaging where message authenticity is critical. Although confidentiality and availability are not directly affected, the ability to tamper with message content can erode trust in communication channels and complicate audit trails or compliance efforts. Given that Gajim is often used by privacy-conscious users and organizations valuing open-source solutions, the vulnerability could affect sectors relying on secure messaging, including NGOs, research institutions, and small to medium enterprises across Europe.
Mitigation Recommendations
Organizations should upgrade Gajim clients to version 1.5.0 or later, where this vulnerability is fixed. Until upgrades can be performed, users should limit chat membership to trusted participants only, minimizing the risk of malicious insiders exploiting this flaw. Network-level controls such as monitoring and filtering unusual XML stanza patterns could help detect exploitation attempts. Additionally, organizations should educate users about verifying message authenticity through out-of-band channels when critical information is exchanged. Implementing logging and audit mechanisms on chat servers to detect anomalous message corrections may also assist in early detection of exploitation. Finally, consider using alternative secure messaging platforms with robust message integrity protections if upgrading is not feasible in the short term.
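The audit check suggested above for anomalous message corrections, sketched as an added example (not Gajim's code and not part of the original advisory). It assumes corrections are carried as XEP-0308 `<replace/>` elements, which the page does not name, and that logged stanzas are available in order; the stanzas, addresses and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

CORRECT_NS = "urn:xmpp:message-correct:0"  # XEP-0308 <replace/> namespace
ROOM = "team@conference.example.org"       # constructed room address

# Constructed sample stanzas, in the order a server-side log would record them.
SAMPLE_STANZAS = [
    f"<message type='groupchat' id='m1' from='{ROOM}/alice'><body>Pay invoice 17</body></message>",
    f"<message type='groupchat' id='m2' from='{ROOM}/alice'><body>Pay invoice 18</body>"
    f"<replace xmlns='{CORRECT_NS}' id='m1'/></message>",
    f"<message type='groupchat' id='m3' from='{ROOM}/mallory'><body>Pay invoice 99</body>"
    f"<replace xmlns='{CORRECT_NS}' id='m1'/></message>",
    "<message type='chat' id='c1' from='bob@example.org/phone'><body>Meet at 10</body></message>",
    "<message type='chat' id='c2' from='bob@example.org/laptop'><body>Meet at 11</body>"
    f"<replace xmlns='{CORRECT_NS}' id='c1'/></message>",
    "<message type='chat' id='c3' from='carol@example.org/pc'><body>Meet at 23</body>"
    f"<replace xmlns='{CORRECT_NS}' id='c1'/></message>",
]

def sender_key(msg):
    """Identity used for comparison: occupant JID in a room, bare JID in a 1:1 chat."""
    sender = msg.get("from", "")
    if msg.get("type") == "groupchat":
        return sender                   # room@service/nick
    return sender.split("/", 1)[0]      # ignore the resource (phone vs laptop)

def find_unauthorized_corrections(stanzas):
    """Return (target_id, correcting_sender, reason) for corrections not made by the original sender."""
    seen = {}    # message id -> set of senders that used that id
    alerts = []
    for raw in stanzas:
        msg = ET.fromstring(raw)
        if msg.tag.rsplit("}", 1)[-1] != "message":
            continue
        sender = sender_key(msg)
        replace = msg.find(f"{{{CORRECT_NS}}}replace")
        if replace is not None:
            target = replace.get("id")
            if target not in seen:
                alerts.append((target, sender, "unknown-original"))
            elif sender not in seen[target]:
                alerts.append((target, sender, "sender-mismatch"))
        if msg.get("id"):
            seen.setdefault(msg.get("id"), set()).add(sender)
    return alerts

if __name__ == "__main__":
    for alert in find_unauthorized_corrections(SAMPLE_STANZAS):
        print(alert)
```

A room nickname is only as stable as the room's occupancy, so an audit that can see occupants' real JIDs should compare those instead of the nickname.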
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2022-09-05T00:00:00.000Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682df35bc4522896dcc06564
Added to database: 5/21/2025, 3:38:03 PM
Last enriched: 7/7/2025, 2:25:26 PM
Last updated: 8/15/2025, 4:38:48 AM