PT-2025-42521 · Mqttx · Mqttx

Published: 2025-10-16 · Updated: 2025-10-17 · CVE-2025-62413

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: MQTTX version 1.12.0

Description: MQTTX, an MQTT 5.0 desktop client and testing tool, contains a flaw where improperly handled MQTT message payloads can lead to Cross-Site Scripting (XSS). Malicious payloads with HTML or JavaScript could be rendered in the MQTTX message viewer, potentially allowing attackers to execute scripts within the application's user interface. This could lead to unauthorized access to MQTT connection credentials or the triggering of unintended actions. The issue is particularly relevant in untrusted or multi-tenant environments where message content is not fully controlled.

Recommendations: Update to MQTTX version 1.12.1.

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2025-62413
GHSA-29GF-9R9V-J4M3

Affected Products

Mqttx