CVE-2025-65953

by Fred · 25/11/2025

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to version 0.22.5, a Heap-Use-After-Free (UAF) vulnerability exists in the TCP transport component of NanoMQ, which relies on the underlying NanoNNG library (specifically in src/sp/transport/mqtt/broker_tcp.c). The vulnerability is due to improper resource management and premature cleanup of message and pipe structures under specific malformed MQTTV5 retain message traffic conditions. This issue has been patched in version 0.22.5.

More information : https://github.com/nanomq/nanomq/security/advisories/GHSA-r95p-wjm8-2qxr

CVE-2025-65953

Similar

Recent Posts

Categories

CVE-2025-65953

Share this:

Similar

Recent Posts

Categories

Tags