CVE-2025-11757
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-21
Last updated on: 2025-10-21
Assigner: ICS-CERT
Description
Description
The CloudEdge Cloud does not sanitize the MQTT topic input, which could allow an attacker to leverage the MQTT wildcard to receive all the messages that should be delivered to other users by subscribing to the a MQTT topic. In these messages, the attacker can obtain the credentials and key information to connect to the cameras from peer to peer.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| meari_technologies | cloudedge_app | 4.4.2 |
| meari_technologies | cloudedge_cloud | * |
| meari_technologies | cloudedge_online_cameras | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-155 | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as wildcards or matching symbols when they are sent to a downstream component. |
