Edge Messaging Platform Vulnerability in NanoMQ MQTT Broker
CVE-2025-68699

6.5MEDIUM

Key Information:

Vendor: NanoMQ
Status: NanoMQ
Vendor: CVE Published:; 4 February 2026

What is CVE-2025-68699?

The NanoMQ MQTT Broker has a vulnerability involving a protocol parsing inconsistency in version 0.24.6. This issue arises during the handling of shared subscriptions where malformed SUBSCRIBE topics are not validated correctly. Specifically, a missing element in the topic filter input can lead to the broker storing an invalid subscription. Subsequently, operations that match these subscriptions can trigger crashes due to invalid memory accesses, making the broker susceptible to remote attacks that exploit this flaw to cause service disruptions.

Affected Version(s)

nanomq = 0.24.6

References

https://github.com/nanomq/nanomq/security/advisories/GHSA...

x_refsource_CONFIRM

https://github.com/nanomq/nanomq/commit/89d68d678e7f841ae...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 4, 2026
Vulnerability Reserved
Dec 23, 2025

CVE-2025-68699 Data

JSON