CVE-2025-59946 HIGH

CVE-2025-59946: NanoMQ has a Use After Free vulnerability via sub info list

Vendor Nanomq
Product nanomq
Weakness CWE-416
Published December 27, 2025
Last update December 29, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

NanoMQ MQTT Broker (NanoMQ) is an Edge Messaging Platform. Prior to version 0.24.2, there is a classical data racing issue about sub info list which could result in heap use after free crash. This issue has been patched in version 0.24.2.

Key dates

02Disclosure timeline

December 27, 2025 CVE published
December 29, 2025 Record updated