NanoMQ UAF of retain message due to invalid MQTTV5 properties

6 / 10

MEDIUM

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Description

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to version 0.22.5, a Heap-Use-After-Free (UAF) vulnerability exists in the TCP transport component of NanoMQ, which relies on the underlying NanoNNG library (specifically in src/sp/transport/mqtt/broker_tcp.c). The vulnerability is due to improper resource management and premature cleanup of message and pipe structures under specific malformed MQTTV5 retain message traffic conditions. This issue has been patched in version 0.22.5.

Basic Information

ID CVE-2025-65953

Source GitHub_M

Published Nov 25, 2025 at 23:13

Affected Product

Vendor nanomq

Product nanomq

Version < 0.22.5

Affected Versions nanomq nanomq < 0.22.5

CWE Classification

CWE-416

References

github.com /nanomq/nanomq/security/advisories/GHSA-r95p-wjm8-2qxr

{
    "lastseen": "",
    "description": "NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to version 0.22.5, a Heap-Use-After-Free (UAF) vulnerability exists in the TCP transport component of NanoMQ, which relies on the underlying NanoNNG library (specifically in src/sp/transport/mqtt/broker_tcp.c). The vulnerability is due to improper resource management and premature cleanup of message and pipe structures under specific malformed MQTTV5 retain message traffic conditions. This issue has been patched in version 0.22.5.",
    "published": "2025-11-25T23:13:09.619Z",
    "modified": "2025-11-25T23:13:09.619Z",
    "type": "cve",
    "title": "NanoMQ UAF of retain message due to invalid MQTTV5 properties",
    "source": "GitHub_M",
    "references": "https://github.com/nanomq/nanomq/security/advisories/GHSA-r95p-wjm8-2qxr",
    "id": "CVE-2025-65953",
    "bulletinFamily": "",
    "cwe": [
        "CWE-416"
    ],
    "cvelist": null,
    "sourceData": "nanomq nanomq < 0.22.5",
    "sourceHref": "",
    "cvss": {
        "score": 6,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "nanomq",
    "version": "< 0.22.5",
    "vendor": "nanomq",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

NanoMQ UAF of retain message due to invalid MQTTV5 properties_CVE-2025-65953