What is the CVSS score of CVE-2025-56353?

CVE-2025-56353 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.1%.

Which versions of Tinymqtt are affected by CVE-2025-56353?

CVE-2025-56353 presents notable security risk rated CVSS 7.5. Exploitation could compromise the security of affected deployments.

Is there a public PoC exploit available for CVE-2025-56353?

Yes, a public proof-of-concept exploit is available for CVE-2025-56353. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2025-56353?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Monitor vendor channels for patch availability.

Tinymqtt CVE-2025-56353

HIGH

Memory Leak (CWE-401)

2026-01-20 cve@mitre.org

Denial Of Service Tinymqtt

7.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 03, 2026 - 21:54 vuln.today

Public exploit code

CVE Published

Jan 20, 2026 - 16:16 nvd

HIGH 7.5

DescriptionCVE.org

In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), a memory leak occurs due to the broker's failure to validate or reject malformed UTF-8 strings in topic filters. An attacker can exploit this by sending repeated subscription requests with arbitrarily large or invalid filter payloads. Each request causes memory to be allocated for the malformed topic filter, but the broker does not free the associated memory, leading to unbounded heap growth and potential denial of service under sustained attack.

AnalysisAI

Technical ContextAI

Classified as CWE-401 (Memory Leak). Affects Tinymqtt. In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), a memory leak occurs due to the broker's failure to validate or reject malformed UTF-8 strings in topic filters. An attacker can exploit this by sending repeated subscription requests with arbitrarily large or invalid filter payloads. Each request causes memory to be allocated for the malformed topic filter, but the broker does not free the associated memory, leading to unbounded heap growth and potential denial of service

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2025-56353 vulnerability details – vuln.today

Back

Tinymqtt CVE-2025-56353

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code