exploitDog

CVE-2025-65503

Опубликовано: 24 нояб. 2025

Источник: nvd

CVSS3: 5.5

CVSS3: 7.5

EPSS Низкий

Описание

Use after free in endpoint destructors in Redboltz async_mqtt 10.2.5 allows local users to cause a denial of service via triggering SSL initialization failure that results in incorrect destruction order between io_context and endpoint objects.

Ссылки

https://github.com/redboltz/async_mqtt/issues/436
Exploit
Issue Tracking
Patch
https://github.com/redboltz/async_mqtt/pull/437
Issue Tracking
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:redboltz:async_mqtt:10.2.5:*:*:*:*:*:*:*

EPSS

Процентиль: 12%

0.00041

Низкий

5.5 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-416

Связанные уязвимости

GHSA-957v-8427-4g8j

CVSS3: 7.5

github

2 месяца назад

Use after free in endpoint destructors in Redboltz async_mqtt 10.2.5 allows local users to cause a denial of service via triggering SSL initialization failure that results in incorrect destruction order between io_context and endpoint objects.

EPSS

Процентиль: 12%

0.00041

Низкий

5.5 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-416