PT-2026-3628 · Tinymqtt · Tinymqtt
Published: 2026-01-20 · Updated: 2026-02-03 · CVE-2025-56353
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
tinyMQTT versions prior to commit 6226ade15bd4f97be2d196352e64dd10937c1962
Description
A memory leak exists because the broker does not validate or reject malformed UTF-8 strings in topic filters. An attacker can exploit this by sending repeated subscription requests with large or invalid filter payloads. Each request allocates memory for the malformed topic filter, but the broker does not release this memory, resulting in increasing heap usage and potential denial of service with sustained attacks.
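The check whose absence is described above, as an added example (not tinyMQTT's code and not the fixing commit): a SUBSCRIBE topic filter is bounds-checked and validated as an MQTT UTF-8 string before any memory is allocated, so a rejected filter leaves nothing to leak. The function names and the `MAX_FILTER_LEN` limit are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_FILTER_LEN 256  /* assumed broker policy limit, not from the advisory */

/* Returns 1 if buf[0..len) is well-formed UTF-8 as MQTT requires:
 * no overlong forms, no surrogates (U+D800..U+DFFF), no U+0000. */
static int mqtt_utf8_valid(const uint8_t *buf, size_t len)
{
    size_t i = 0;
    while (i < len) {
        uint8_t b = buf[i];
        uint32_t cp, min;
        size_t n;                            /* number of continuation bytes */
        if (b < 0x80)                { cp = b;        n = 0; min = 0x01; }
        else if ((b & 0xE0) == 0xC0) { cp = b & 0x1F; n = 1; min = 0x80; }
        else if ((b & 0xF0) == 0xE0) { cp = b & 0x0F; n = 2; min = 0x800; }
        else if ((b & 0xF8) == 0xF0) { cp = b & 0x07; n = 3; min = 0x10000; }
        else return 0;                       /* stray continuation or invalid lead byte */
        if (n > len - i - 1) return 0;       /* sequence truncated by end of string */
        for (size_t k = 1; k <= n; k++) {
            if ((buf[i + k] & 0xC0) != 0x80) return 0;
            cp = (cp << 6) | (buf[i + k] & 0x3F);
        }
        if (cp < min || cp > 0x10FFFF) return 0;     /* overlong, U+0000, out of range */
        if (cp >= 0xD800 && cp <= 0xDFFF) return 0;  /* UTF-16 surrogates */
        i += n + 1;
    }
    return 1;
}

/* Parses one length-prefixed topic filter from a SUBSCRIBE payload.
 * On success returns a heap copy (caller frees) and sets *used to the
 * bytes consumed. On any failure returns NULL having allocated nothing. */
char *parse_topic_filter(const uint8_t *p, size_t avail, size_t *used)
{
    if (avail < 2) return NULL;                      /* no room for the length prefix */
    size_t len = ((size_t)p[0] << 8) | p[1];         /* big-endian 16-bit length */
    if (len == 0 || len > MAX_FILTER_LEN || len > avail - 2) return NULL;
    if (!mqtt_utf8_valid(p + 2, len)) return NULL;   /* reject before malloc */
    char *copy = malloc(len + 1);
    if (!copy) return NULL;
    memcpy(copy, p + 2, len);
    copy[len] = '\0';
    *used = 2 + len;
    return copy;
}
```

The caller owns the returned buffer and must free it on unsubscribe, on disconnect, and on every later error path in SUBSCRIBE handling.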
Recommendations
Update to commit 6226ade15bd4f97be2d196352e64dd10937c1962 or a later version.
Fix
DoS
Memory Leak
Affected Products
Tinymqtt