CVE-2025-59946
Use-After-Free Vulnerability in NanoMQ MQTT Broker Causes Crash
Publication date: 2025-12-27
Last updated on: 2025-12-27
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nanomq | nanomq | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-416 | The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a classical data racing issue in the NanoMQ MQTT Broker prior to version 0.24.2. It involves the sub info list, where concurrent access can lead to a heap use after free crash, meaning the program may attempt to use memory that has already been freed, causing instability or crashes. This issue has been fixed in version 0.24.2.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to reproduce the use-after-free crash on the NanoMQ broker by sending specific malformed MQTT packets multiple times to the broker's TCP port 1883. A suggested method is to use minimal C test cases or hex-encoded MQTT packets piped through tools like `xxd` and `nc` (netcat) to send these packets to the broker on localhost port 1883. For example, you can use commands similar to: `echo '<hex-encoded-packet>' | xxd -r -p | nc localhost 1883` repeatedly to trigger the crash. Monitoring for broker crashes or AddressSanitizer (ASAN) stack traces can help confirm the presence of the vulnerability. Note that this requires a test environment as it involves sending malformed packets that may disrupt service. [2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows unauthorized data access, modification, and service disruption, which could lead to non-compliance with standards like GDPR and HIPAA that require protection of data confidentiality, integrity, and availability. Exploitation of this vulnerability could result in breaches of sensitive information and service outages, impacting regulatory compliance. [1]
How can this vulnerability impact me? :
This vulnerability can cause the NanoMQ broker to crash due to heap use after free errors, potentially leading to denial of service or instability in messaging services relying on NanoMQ. It may disrupt communication and affect the availability and reliability of systems using this broker.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update NanoMQ MQTT Broker to version 0.24.2 or later, where the data racing issue causing heap use after free crash has been patched.