Description

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to version 0.22.5, a Heap-Use-After-Free (UAF) vulnerability exists in the TCP transport component of NanoMQ, which relies on the underlying NanoNNG library (specifically in src/sp/transport/mqtt/broker_tcp.c). The vulnerability is due to improper resource management and premature cleanup of message and pipe structures under specific malformed MQTTV5 retain message traffic conditions. This issue has been patched in version 0.22.5.

INFO

Published Date :

2025-11-25T23:13:09.619Z

Last Modified :

2025-11-26T16:10:11.478Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-65953 vulnerability.

Vendors Products
Emqx
  • Nanomq
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-65953.

URL Resource
https://github.com/nanomq/nanomq/security/advisories/GHSA-r95p-wjm8-2qxr cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability