Buffer Overflow in NanoMQ Messaging Broker for IoT Edge and SDV
CVE-2025-59947

8.5HIGH

Key Information:

Vendor

NanoMQ

Status
NanoMQ
Vendor
CVE Published:
15 December 2025

What is CVE-2025-59947?

NanoMQ, a messaging broker designed for IoT Edge and Software Defined Vehicles (SDV), is affected by a buffer overflow vulnerability that can be triggered by PUBLISH packets under both shared and vanilla subscription modes. This issue impacts versions before 0.24.4. Users are advised to upgrade to version 0.24.4 or later to mitigate the risk. As a temporary workaround, disabling shared subscriptions can help to minimize exposure.

Affected Version(s)

nanomq < 0.24.4

References

https://github.com/nanomq/nanomq/security/advisories/GHSA...
x_refsource_CONFIRM
https://github.com/nanomq/nanomq/issues/2110
x_refsource_MISC
https://github.com/nanomq/nanomq/commit/5f5581054bb92f102...
x_refsource_MISC

CVSS V4

Score:
8.5
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-59947 : Buffer Overflow in NanoMQ Messaging Broker for IoT Edge and SDV