VYPR
Unrated severityNVD Advisory· Published Oct 24, 2025· Updated Oct 24, 2025

FlashMQ does not release memory of queued QoS messages

CVE-2025-62723

Description

FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.23.2, any authenticated user can create sessions and have them collect QoS messages. When not sent to a client, these are then not released upon (eventual) session expiration. Version 1.23.2 fixes the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Halfgaar/Flashmqllm-fuzzy2 versions
    <1.23.2+ 1 more
    • (no CPE)range: <1.23.2
    • (no CPE)range: < 1.23.2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.