ADVISORIES

• CVE-2025-12790 (NVD)
• GHSA-9c5q-w6gr-fxcq
• Vendor Advisory

GEM

mqtt

SEVERITY

CVSS v3.x: 7.4 (High)

PATCHED VERSIONS

• >= 0.7.0

DESCRIPTION

A flaw was found in Rubygem MQTT. By default, the package used to not have hostname validation, resulting in possible Man-in-the-Middle (MITM) attack.

RELATED

• https://nvd.nist.gov/vuln/detail/CVE-2025-12790
• https://github.com/njh/ruby-mqtt/releases/tag/v0.7.0
• https://github.com/njh/ruby-mqtt/blob/main/NEWS.md#ruby-mqtt-version-070-2025-10-29
• https://access.redhat.com/security/cve/CVE-2025-12790
• https://bugzilla.redhat.com/show_bug.cgi?id=2413004
• https://github.com/advisories/GHSA-9c5q-w6gr-fxcq