Extend the Hydra blog post with additional CVE information (#2969)

dkasak · web-flow · commit a760c52e3693 · 2025-10-23T11:53:35.000+02:00
diff --git a/content/blog/2025/08/2025-08-14-project-hydra-improving-state-res.md b/content/blog/2025/08/2025-08-14-project-hydra-improving-state-res.md
@@ -22,8 +22,8 @@ This entire process has been highly unusual for the ecosystem, and it’s unfort
 The MSCs added under embargo were:
 
 - [MSC4289](https://github.com/matrix-org/matrix-spec-proposals/pull/4289): Explicitly privilege room creators
-- [MSC4291](https://github.com/matrix-org/matrix-spec-proposals/pull/4291): Room IDs as hashes of the create event
-- [MSC4297](https://github.com/matrix-org/matrix-spec-proposals/pull/4297): State Resolution v2.1
+- [MSC4291](https://github.com/matrix-org/matrix-spec-proposals/pull/4291): Room IDs as hashes of the create event, which resolves [CVE-2025-54315](https://www.cve.org/CVERecord?id=CVE-2025-54315)
+- [MSC4297](https://github.com/matrix-org/matrix-spec-proposals/pull/4297): State Resolution v2.1, which resolves [CVE-2025-49090](https://www.cve.org/CVERecord?id=CVE-2025-49090)
 - [MSC4304](https://github.com/matrix-org/matrix-spec-proposals/pull/4304): Room Version 12
 
 Supporting these MSCs are:
@@ -35,8 +35,8 @@ Supporting these MSCs are:
 
 These changes fixed the following vulnerabilities:
 
-- [CVE-2025-49090](https://www.cve.org/CVERecord?id=CVE-2025-49090) (State Resolution 2.0 deficiencies)
-- [CVE-2025-54315](https://www.cve.org/CVERecord?id=CVE-2025-54315) (Lack of create event uniqueness)
+- [CVE-2025-49090](https://www.cve.org/CVERecord?id=CVE-2025-49090): The Matrix State Resolution algorithm before version 2.1 exhibits undesirable behavior in certain edge conditions, resulting in state resets: the scenario of a room's state resetting to an earlier or incorrect state in the absence of revocation events that would validly result in that state. This allows a malicious participating homeserver to potentially corrupt a room's state by sending a crafted sequence of Matrix events and API responses. Room version 12 resolves the issue by switching to State Resolution v2.1
+- [CVE-2025-54315](https://www.cve.org/CVERecord?id=CVE-2025-54315): Matrix rooms before version 12 do not strongly (i.e. cryptographically) enforce the uniqueness of a room's creation event. While mitigating mechanisms exist which prevent exploitation of the issue in practice, this is a protocol soundness issue. Matrix room version 12 fixes this by making the room ID equal to the hash of the room's creation event.
 
 ## Impact
 
