CVE-2025-10543
BaseFortify

Publication date: 2025-12-02

Last updated on: 2025-12-02

Assigner: Eclipse Foundation

Description
In Eclipse Paho Go MQTT v3.1 library (paho.mqtt.golang) versions <=1.5.0 UTF-8 encoded strings, passed into the library, may be incorrectly encoded if their length exceeds 65535 bytes. This may lead to unexpected content in packets sent to the server (for example, part of an MQTT topic may leak into the message body in a PUBLISH packet). The issue arises because the length of the data passed in was converted from an int64/int32 (depending upon CPU) to an int16 without checks for overflows. The int16 length was then written, followed by the data (e.g. topic). This meant that when the data (e.g. topic) was over 65535 bytes then the amount of data written exceeds what the length field indicates. This could lead to a corrupt packet, or mean that the excess data leaks into another field (e.g. topic leaks into message body).
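The truncation described above, as an added Go example that is not the library's own code: the function names, the simulated PUBLISH body layout (topic string followed directly by payload, packet identifier omitted) and the 70000-byte sample topic are assumptions. It shows the unchecked narrowing of a Go int length to 16 bits, what a receiver then sees (topic cut to length mod 65536, the rest of the topic read as payload), and the range check that prevents it.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// maxMQTTString is the largest UTF-8 string an MQTT v3.1.1 string field can
// carry: the length prefix is a two-byte big-endian unsigned integer.
const maxMQTTString = 65535

// ErrStringTooLong is returned by the checked encoder for oversized input.
var ErrStringTooLong = errors.New("mqtt: string exceeds 65535 bytes")

// encodeStringUnchecked reconstructs the defect class in the advisory
// (hypothetical, not the library's code): the int length is narrowed to
// uint16 with no range check, so a 70000-byte string gets a 4464-byte
// length prefix (70000 mod 65536) followed by all 70000 bytes.
func encodeStringUnchecked(s string) []byte {
	buf := make([]byte, 2, 2+len(s))
	binary.BigEndian.PutUint16(buf, uint16(len(s))) // silent truncation
	return append(buf, s...)
}

// encodeStringChecked is the hardened form: reject input that cannot be
// represented before the narrowing conversion happens.
func encodeStringChecked(s string) ([]byte, error) {
	if len(s) > maxMQTTString {
		return nil, fmt.Errorf("%w: got %d bytes", ErrStringTooLong, len(s))
	}
	buf := make([]byte, 2, 2+len(s))
	binary.BigEndian.PutUint16(buf, uint16(len(s)))
	return append(buf, s...), nil
}

// decodeString reads one length-prefixed string the way a receiver would,
// returning the string and the bytes that follow it.
func decodeString(b []byte) (string, []byte, error) {
	if len(b) < 2 {
		return "", nil, errors.New("short buffer")
	}
	n := int(binary.BigEndian.Uint16(b))
	if len(b) < 2+n {
		return "", nil, errors.New("length prefix exceeds buffer")
	}
	return string(b[2 : 2+n]), b[2+n:], nil
}

// simulatedPublishBody lays out a topic string followed by the payload, the
// shape of a QoS 0 PUBLISH variable header plus payload (assumed layout).
func simulatedPublishBody(encodedTopic, payload []byte) []byte {
	return append(append([]byte{}, encodedTopic...), payload...)
}

// DemonstrateLeak builds a PUBLISH body with a topic of topicLen bytes using
// the unchecked encoder and reports the receiver's view: how many bytes it
// takes as topic and how many it takes as payload. With topicLen above
// 65535, part of the topic lands in the payload, as the advisory describes.
func DemonstrateLeak(topicLen int, payload string) (seenTopicLen, seenPayloadLen int, err error) {
	topic := strings.Repeat("t", topicLen) // constructed sample topic
	body := simulatedPublishBody(encodeStringUnchecked(topic), []byte(payload))
	seenTopic, seenPayload, err := decodeString(body)
	if err != nil {
		return 0, 0, err
	}
	return len(seenTopic), len(seenPayload), nil
}

func main() {
	t, p, err := DemonstrateLeak(70000, "hello")
	fmt.Printf("unchecked: receiver sees topic=%d bytes, payload=%d bytes, err=%v\n", t, p, err)
	if _, err := encodeStringChecked(strings.Repeat("t", 70000)); err != nil {
		fmt.Println("checked encoder refused:", err)
	}
}
```

For a 70000-byte topic and a 5-byte payload the receiver reads a 4464-byte topic and a 65541-byte payload: 65536 bytes of topic plus the real payload. The checked encoder is the mitigation; on the detection side, a broker or proxy that logs "length prefix exceeds buffer" style parse failures or unexpectedly large PUBLISH payloads from a client would surface the corrupt packets this bug produces.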
Meta Information
Published: 2025-12-02
Last Modified: 2025-12-02
Generated: 2026-05-07
AI Q&A: 2025-12-02
EPSS Evaluated: 2026-05-05
NVD
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
eclipse paho_mqtt_golang 1.5.0
CWE ID | Description
CWE-681 | When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.
CWE-197 | Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Eclipse Paho Go MQTT v3.1 library versions up to 1.5.0. When UTF-8 encoded strings longer than 65535 bytes are passed into the library, their length is incorrectly encoded due to an integer overflow issue. Specifically, the length is converted from a larger integer type (int64/int32) to a smaller int16 without proper overflow checks. This causes the length field to be incorrect, leading to packets that contain unexpected or corrupted content, such as parts of an MQTT topic leaking into the message body of a PUBLISH packet.


How can this vulnerability impact me?

The vulnerability can cause MQTT packets sent to the server to be malformed or corrupted. This may result in unintended data leakage, such as parts of an MQTT topic appearing in the message body. Such corruption can disrupt communication, cause data integrity issues, or potentially expose sensitive information within MQTT messages.

