PT-2025-45694 · Rubygems · Mqtt

Published

2025-11-06

·

Updated

2025-11-06

CVSS v3.1

7.4

High

VectorAV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
A flaw was found in Rubygem MQTT. By default, the package used to not have hostname validation, resulting in possible Man-in-the-Middle (MITM) attack.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-29

Related Identifiers

GHSA-9C5Q-W6GR-FXCQ

Affected Products

Mqtt