CVE-2025-65503
BaseFortify
Publication date: 2025-11-24
Last updated on: 2025-12-11
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redboltz | async_mqtt | 10.2.5 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-416 | The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-65503 is a heap-use-after-free vulnerability in the async_mqtt library's broker shutdown process. It occurs when SSL/TLS initialization fails, causing an incorrect destruction order between io_context objects and endpoint objects that hold timers. Specifically, io_context objects are destroyed before endpoint objects, leading endpoint destructors to access already freed memory, resulting in a use-after-free error. [1, 2]
How can this vulnerability impact me? :
This vulnerability can cause a denial of service (DoS) by crashing the async_mqtt broker during shutdown after SSL initialization failures. Local users triggering SSL initialization failures can exploit this to cause the broker to access freed memory, leading to instability or crashes. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by building the async_mqtt broker with AddressSanitizer enabled and then running it while injecting faults in OpenSSL to simulate SSL/TLS initialization failures. AddressSanitizer will report heap-use-after-free errors during broker shutdown. Suggested commands include compiling with flags like `-fsanitize=address,undefined` and running the broker under these conditions to observe sanitizer reports. [2]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update async_mqtt to the version that includes the fix merged in pull request #437, which corrects the destruction order of objects in broker.cpp to prevent use-after-free during shutdown. Applying this patch or upgrading to a version containing it will eliminate the vulnerability. [1]