CVE-2025-59946

Published: Dec 27, 2025Modified: Jan 30, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.6 / Impact: 5.9

Source: security-advisories@github.com (Secondary)

Description

NanoMQ MQTT Broker (NanoMQ) is an Edge Messaging Platform. Prior to version 0.24.2, there is a classical data racing issue about sub info list which could result in heap use after free crash. This issue has been patched in version 0.24.2.

Affected (1)

Products: Emqx: Nanomq

Emqx

1 product

Nanomq

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Emqx Nanomq	Before 0.24.4

Related CWEs

CWE-416

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (2)

https://github.com/nanomq/nanomq/issues/1863

Source: security-advisories@github.com

ExploitIssue Tracking

https://github.com/nanomq/nanomq/security/advisories/GHSA-xg37-23w7-72p5

Source: security-advisories@github.com

Vendor Advisory

Timeline

No history available yet.