CVE-2025-59946

7.5 HIGH

📋 TL;DR

CVE-2025-59946 is a heap use-after-free vulnerability in the NanoMQ MQTT broker caused by a data race in subscription information handling. An attacker who triggers the race can crash the broker service, potentially leading to denial of service. Organizations running NanoMQ versions before 0.24.2 for edge messaging are affected.

💻 Affected Systems

Products:
  • NanoMQ MQTT Broker
Versions: All versions prior to 0.24.2
Operating Systems: Linux, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All NanoMQ deployments using affected versions are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete broker crash leading to extended service disruption, potential data loss for in-flight messages, and possible remote code execution if heap corruption is leveraged.

🟠 Likely Case

Service crash and restart causing temporary MQTT messaging disruption, affecting IoT/edge device communication.

🟢 If Mitigated

Service restart with minimal data loss if proper monitoring and auto-restart mechanisms are in place.

🌐 Internet-Facing: HIGH - MQTT brokers often face the internet for IoT communications, making them accessible to attackers.
🏢 Internal Only: MEDIUM - Internal brokers could still be targeted by compromised internal devices or malicious insiders.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires triggering the data race, which may be timing-dependent, but does not require authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.24.2

Vendor Advisory: https://github.com/nanomq/nanomq/security/advisories/GHSA-xg37-23w7-72p5

Restart Required: Yes

Instructions:

1. Download NanoMQ 0.24.2 or later from the official repository.
2. Stop the running NanoMQ service.
3. Replace the binary with the patched version.
4. Restart the NanoMQ service.

🔧 Temporary Workarounds

Network Segmentation

Platform: all

Restrict access to the NanoMQ broker to trusted networks only.

Rate Limiting

Platform: linux

Implement connection and subscription rate limiting to reduce race condition triggers. The limit match only throttles new connections when it is paired with a DROP rule for the same port; on its own, an ACCEPT rule lets excess connections fall through to the chain's default policy:

iptables -A INPUT -p tcp --dport 1883 -m conntrack --ctstate NEW -m limit --limit 60/min --limit-burst 100 -j ACCEPT
iptables -A INPUT -p tcp --dport 1883 -m conntrack --ctstate NEW -j DROP

🧯 If You Can't Patch

  • Implement network-level protections like firewalls and intrusion prevention systems
  • Deploy redundant NanoMQ instances with load balancing to maintain service during crashes

🔍 How to Verify

Check if Vulnerable:

Check the NanoMQ version with 'nanomq --version' or examine the binary's metadata.

Check Version:

nanomq --version

Verify Fix Applied:

Confirm the version is 0.24.2 or later and monitor the logs for crash events.

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault
  • heap corruption
  • use-after-free
  • abnormal termination
  • core dump generation

Network Indicators:

  • Unusual subscription patterns
  • rapid connection/disconnection attempts
  • MQTT protocol anomalies

SIEM Query:

source="nanomq.log" AND ("segmentation fault" OR "heap" OR "abort" OR "core dumped")
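As an added example (not from the advisory or the NanoMQ project), a Python check that combines the "How to Verify" and "Detection & Monitoring" sections above: it compares 'nanomq --version' output against the 0.24.2 fix version, scans log lines for the crash indicators listed, and flags clients with rapid connect/disconnect churn. The session-line format and the sample log are constructed assumptions; NanoMQ's real log format will differ.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

FIXED_VERSION = (0, 24, 2)  # first fixed release named in the advisory

# Crash indicators taken from the "Log Indicators" list above.
CRASH_RE = re.compile(r"segmentation fault|heap corruption|use-after-free"
                      r"|abnormal(?:ly)? terminat|core dump", re.IGNORECASE)
# Assumed session-line shape (constructed; real NanoMQ logs may differ):
# "<ISO-8601 timestamp> <LEVEL> client '<id>' connected|disconnected"
SESSION_RE = re.compile(r"^(\S+) \w+ client '([^']+)' (?:dis)?connected\b")

# Constructed sample log: one client flapping every second, then a crash.
SAMPLE_LOG = [f"2025-10-01T12:00:{s:02d} INFO client 'sensor-7' {st}"
              for s, st in enumerate(["connected", "disconnected"] * 4)] + [
    "2025-10-01T12:00:09 INFO client 'gateway-1' connected",
    "2025-10-01T12:00:10 ERROR heap corruption detected in subscription table",
    "Segmentation fault (core dumped)",
]

def is_vulnerable(version_output: str) -> bool:
    """True when `nanomq --version` output names a release older than 0.24.2."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_output)
    if not m:
        raise ValueError(f"no version string in {version_output!r}")
    return tuple(int(x) for x in m.groups()) < FIXED_VERSION  # numeric, not string, compare

def crash_lines(lines):
    """Log lines matching any of the advisory's crash indicators."""
    return [ln for ln in lines if CRASH_RE.search(ln)]

def churn_clients(lines, max_events=6, window=timedelta(seconds=60)):
    """Client ids exceeding max_events session events in any sliding `window`."""
    stamps = defaultdict(list)
    for ln in lines:
        if m := SESSION_RE.match(ln):
            stamps[m.group(2)].append(datetime.fromisoformat(m.group(1)))
    flagged = []
    for cid, times in stamps.items():
        times.sort()
        start = 0  # left edge of the sliding window over sorted timestamps
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            if end - start + 1 > max_events:
                flagged.append(cid)
                break
    return sorted(flagged)
```

On the sample log, crash_lines returns the heap-corruption line and the segfault line, and churn_clients flags only 'sensor-7'; feed the functions real 'nanomq --version' output and broker log lines in the same way.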
