Insufficient Hostname Validation in Rubygem MQTT
CVE-2025-12790

7.4HIGH

Key Information:

Vendor

Red Hat
Status
Red Hat Satellite 6
Vendor
CVE Published:
6 November 2025

What is CVE-2025-12790?

A flaw exists in Rubygem MQTT where the default configuration lacks hostname validation. This oversight can enable attackers to perform Man-in-the-Middle (MITM) attacks, compromising the integrity and confidentiality of communications. Users are advised to review their configurations and update to the latest version to safeguard against potential exploits.

References

https://access.redhat.com/security/cve/CVE-2025-12790
vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2413004
issue-trackingx_refsource_REDHAT
https://github.com/njh/ruby-mqtt/blob/main/NEWS.md#ruby-m...

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-12790 : Insufficient Hostname Validation in Rubygem MQTT