logo

Database

Lack of data validation In mqtt

Description

MQTT does not validate hostnames A flaw was found in Rubygem MQTT. By default, the package used to not have hostname validation, resulting in possible Man-in-the-Middle (MITM) attack.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2025-127902. NVD-2025-127903. OSV-2025-127904. GCVE-2025-127905. ACCESS-CVE-2025-12790

References

1. https://bugzilla.redhat.com/show_bug.cgi?id=24130042. https://github.com/njh/ruby-mqtt/blob/main/NEWS.md#ruby-mqtt-version-070-2025-10-29

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.