CVE-2025-59947

Severity: 9.0 CRITICAL

📋 TL;DR

NanoMQ versions before 0.24.4 contain a buffer overflow that is triggered when a single PUBLISH packet matches both a shared subscription and a vanilla (non-shared) subscription at the same time. An attacker who can send such packets may crash the broker or execute arbitrary code. Every NanoMQ deployment running an affected version with shared subscriptions enabled is exposed.

💻 Affected Systems

Products:
  • NanoMQ
Versions: All versions prior to 0.24.4
Operating Systems: All platforms running NanoMQ
Default Config Vulnerable: ⚠️ Yes
Notes: Only vulnerable when shared subscriptions are enabled and PUBLISH packets trigger both subscription types.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or deployment of persistent malware.

🟠 Likely Case: Service crash causing denial of service and disruption to IoT messaging operations.

🟢 If Mitigated: Limited impact with proper network segmentation and monitoring, potentially just service instability.

🌐 Internet-Facing: HIGH - The flaw can be triggered remotely without authentication if the broker is reachable from the internet.
🏢 Internal Only: MEDIUM - Internal attackers or compromised IoT devices could trigger it, but only with network access to the broker.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting PUBLISH packets that hit both subscription types at once, but no authentication is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.24.4

Vendor Advisory: https://github.com/nanomq/nanomq/security/advisories/GHSA-98f4-cmg8-x7f3

Restart Required: Yes

Instructions:

1. Download NanoMQ 0.24.4 or later from the official repository.
2. Stop the NanoMQ service.
3. Replace the binary with the patched version.
4. Restart the service.

🔧 Temporary Workarounds

Disable Shared Subscriptions

Applies to: all

Prevent the buffer overflow by disabling shared subscription functionality.

Edit the NanoMQ configuration file and set 'shared_subscription = false', or remove any shared subscription configuration.

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can connect to NanoMQ service.
  • Deploy intrusion detection systems to monitor for abnormal MQTT traffic patterns.

🔍 How to Verify

Check if Vulnerable:

Run 'nanomq --version' and confirm whether the reported version is below 0.24.4; then check the configuration file to see whether shared subscriptions are enabled. Both conditions must hold for the deployment to be vulnerable.

Check Version:

nanomq --version

Verify Fix Applied:

Confirm the reported version is 0.24.4 or higher with 'nanomq --version', then exercise shared subscription functionality to verify the broker still behaves correctly.

📡 Detection & Monitoring

Log Indicators:

  • Service crashes, segmentation faults, or abnormal termination logs in NanoMQ logs.
  • Unusual PUBLISH packet patterns in MQTT logs.

Network Indicators:

  • Abnormal MQTT traffic spikes, malformed PUBLISH packets targeting shared subscriptions.

SIEM Query:

source="nanomq" AND ("segmentation fault" OR "buffer overflow" OR "crash")
