Unrated severityNVD Advisory· Published Oct 24, 2025· Updated Oct 24, 2025
FlashMQ does not release memory of queued QoS messages
CVE-2025-62723
Description
FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.23.2, any authenticated user can create sessions and have them collect QoS messages. When not sent to a client, these are then not released upon (eventual) session expiration. Version 1.23.2 fixes the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
3- github.com/halfgaar/FlashMQ/commit/e86c49360ef4387440c97f591770cdb9284b4ee9mitrex_refsource_MISC
- github.com/halfgaar/FlashMQ/issues/154mitrex_refsource_MISC
- github.com/halfgaar/FlashMQ/security/advisories/GHSA-7mhp-22q4-r6vvmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.