CVE-2025-59947

NanoMQ has Buffer Overflow

Description

NanoMQ is a messaging broker/bus for IoT Edge & SDV. Versions prior to 0.24.4 have a buffer overflow case while the PUBLISH packets trigger both shared subscription and vanila subscription. This is fixed in version 0.24.4. As a workaround, disable shared subscription.

INFO

Published Date :

2025-12-15T20:19:17.212Z

Last Modified :

2025-12-15T20:58:37.814Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2025-59947 vulnerability.

Vendors	Products
Emqx	Nanomq

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-59947.

URL	Resource
https://github.com/nanomq/nanomq/commit/5f5581054bb92f102cf99251e8af2f43763d457b
https://github.com/nanomq/nanomq/issues/2110
https://github.com/nanomq/nanomq/security/advisories/GHSA-98f4-cmg8-x7f3

CVSS Vulnerability Scoring System

V4
V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact