VYPR
Medium severity · OSV Advisory · Published Nov 25, 2025 · Updated Apr 15, 2026

CVE-2025-65953

Description

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to version 0.22.5, a heap use-after-free (UAF) vulnerability exists in the TCP transport component of NanoMQ, which relies on the underlying NanoNNG library (specifically in `src/sp/transport/mqtt/broker_tcp.c`). The vulnerability is caused by improper resource management: message and pipe structures are cleaned up prematurely when the broker handles specific malformed MQTT v5 retain message traffic. This issue has been patched in version 0.22.5.

Affected products

2
  • Emqx/Nanomq (OSV, 2 versions)
    0.0.1, 0.0.2, 0.0.3, …+ 1 more
    • (no CPE)range: 0.0.1, 0.0.2, 0.0.3, …
    • (no CPE)range: <=0.22.5
