7.5

CVE-2025-56353

Exploit

EPSS 0.07%
Veröffentlicht 20.01.2026 00:00:00
Zuletzt bearbeitet 03.02.2026 21:54:46
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), a memory leak occurs due to the broker's failure to validate or reject malformed UTF-8 strings in topic filters. An attacker can exploit this by sending repeated subscription requests with arbitrarily large or invalid filter payloads. Each request causes memory to be allocated for the malformed topic filter, but the broker does not free the associated memory, leading to unbounded heap growth and potential denial of service under sustained attack.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Justdoit0910 ≫ Tinymqtt Version2024-02-18

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.209

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

https://github.com/JustDoIt0910/tinyMQTT/issues/19

Third Party Advisory

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2025-56353

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-56353

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-56353

EUVD