CVE-2025-59946
Unknown Unknown - Not Provided
Use-After-Free Vulnerability in NanoMQ MQTT Broker Causes Crash

Publication date: 2025-12-27

Last updated on: 2025-12-27

Assigner: GitHub, Inc.

Description
NanoMQ MQTT Broker (NanoMQ) is an Edge Messaging Platform. Prior to version 0.24.2, there is a classical data racing issue about sub info list which could result in heap use after free crash. This issue has been patched in version 0.24.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-27
Last Modified
2025-12-27
Generated
2026-06-16
AI Q&A
2025-12-27
EPSS Evaluated
2026-06-14
NVD
CVE-2025-59946
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nanomq nanomq *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-416 The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a classical data racing issue in the NanoMQ MQTT Broker prior to version 0.24.2. It involves the sub info list, where concurrent access can lead to a heap use after free crash, meaning the program may attempt to use memory that has already been freed, causing instability or crashes. This issue has been fixed in version 0.24.2.

Impact Analysis

This vulnerability can cause the NanoMQ broker to crash due to heap use after free errors, potentially leading to denial of service or instability in messaging services relying on NanoMQ. It may disrupt communication and affect the availability and reliability of systems using this broker.

Mitigation Strategies

To mitigate this vulnerability, update NanoMQ MQTT Broker to version 0.24.2 or later, where the data racing issue causing heap use after free crash has been patched.

Detection Guidance

This vulnerability can be detected by attempting to reproduce the use-after-free crash on the NanoMQ broker by sending specific malformed MQTT packets multiple times to the broker's TCP port 1883. A suggested method is to use minimal C test cases or hex-encoded MQTT packets piped through tools like `xxd` and `nc` (netcat) to send these packets to the broker on localhost port 1883. For example, you can use commands similar to: `echo '<hex-encoded-packet>' | xxd -r -p | nc localhost 1883` repeatedly to trigger the crash. Monitoring for broker crashes or AddressSanitizer (ASAN) stack traces can help confirm the presence of the vulnerability. Note that this requires a test environment as it involves sending malformed packets that may disrupt service. [2]

Compliance Impact

The vulnerability allows unauthorized data access, modification, and service disruption, which could lead to non-compliance with standards like GDPR and HIPAA that require protection of data confidentiality, integrity, and availability. Exploitation of this vulnerability could result in breaches of sensitive information and service outages, impacting regulatory compliance. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-59946. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart